Justin Randall-5 wrote:
>
>
> Hi again,
>
> I thought about this a little more and I think what you're experiencing
> might be as a result of the RequestDispatcher.
>
> When the RequestDispatcher "fowards" to a URL resource, it overrides the
> SSL/Authentication constraints you have setup. There is a way of getting
> around this (which also adds an additional layer of maintenance
> programming security in your code) by using Filters.
>
> Basically, in your web.xml you define a filter for your SSL protected
> pages:
>
> <filter>
> <filter-name>MyFilterClass</filter-name>
> <filter-class>my.package.MyFilterClass</filter-class>
> </filter>
> <filter-mapping>
> <filter-name>MyFilterClass</filter-name>
> <url-pattern>/ssl/*</url-pattern>
> <dispatcher>FORWARD</dispatcher>
> <dispatcher>INCLUDE</dispatcher>
> <dispatcher>ERROR</dispatcher>
> </filter-mapping>
>
> Below is a sample implementation of the "doFilter" that takes care of the
> redirecting:
>
> public void doFilter(ServletRequest request, ServletResponse response,
> FilterChain arg2) throws IOException, ServletException {
> HttpServletRequest req = (HttpServletRequest) request;
> HttpServletResponse rsp = (HttpServletResponse) response;
> rsp.sendRedirect(req.getRequestURI());
> }
>
>
I tried this but I got the following exception and the j_security_check page
on http doesn't get redirected:
java.lang.IllegalStateException: Cannot create a session after the response
has been committed
at org.apache.catalina.connector.Request.doGetSession(Request.java:2221)
at org.apache.catalina.connector.Request.getSession(Request.java:2031)
at
org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:832)
at
javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:216)
at
org.apache.catalina.core.ApplicationHttpRequest.getSession(ApplicationHttpRequest.java:545)
at
org.apache.catalina.core.ApplicationHttpRequest.getSession(ApplicationHttpRequest.java:494)
at
org.apache.jasper.runtime.PageContextImpl._initialize(PageContextImpl.java:136)
at
org.apache.jasper.runtime.PageContextImpl.initialize(PageContextImpl.java:113)
at
org.apache.jasper.runtime.JspFactoryImpl.internalGetPageContext(JspFactoryImpl.java:105)
at
org.apache.jasper.runtime.JspFactoryImpl.getPageContext(JspFactoryImpl.java:62)
at org.apache.jsp.login_jsp._jspService(login_jsp.java:33)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:98)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:331)
at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at com.solidcore.bl.servlet.TagFilter.doFilter(TagFilter.java:110)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at
org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:691)
at
org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:469)
at
org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:403)
at
org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
at
org.apache.catalina.authenticator.FormAuthenticator.forwardToErrorPage(FormAuthenticator.java:337)
at
org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:260)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at
org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:393)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Thread.java:595)
--
View this message in context:
http://www.nabble.com/Form-Based-Authenticattion---j_security_check-does-not-redirect-from-http-to-https-tp20910454p20912149.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
