j_security_check filter mapping - take 2
Matt Galvin
Can someone explain why a filter mapping to the j_security_check url pattern
doesn't work? I need to have a filter run around the login process, but
don't want to write my own login servlet. I'm running WL7 SP2, so the
AuthFilter class has been deprecated (and the docs say replaced with the
filter stuff). The filter runs fine on any other url, but never seems to
get called when using j_security_check.
As far as I can tell, there is nothing in the spec that says filters
shouldn't be applied to the j_security_check and I've found several examples
on other platforms that do this, but nothing based on Weblogic.
Some help please!
Matt Galvin
GoSolutions
Vinod Mehra
j_security_check request in a special manner. It finds the username
and password, authenticate the user and then redirect to the original
resource or the error page (in case of auth failure). So the request
is just short circuited - ie. it is not processed further - that's why no
filters are applied.
If you really need to intercept j_security_check then only option for
you today is AuthFilters - which are Weblogic specific feature.
http://edocs.bea.com/wls/docs70/javadocs/weblogic/servlet/security/AuthFilte
r.html
Although these are marked as deprecated ServletFilters cannot
offer exact functionality - for example like the issue you have run into.
For the next release we have plans to replace the AuthFilter with
a more ServletFilter kind of feature, so that the users can use
standard j2ee descriptors to configure them.
--Vinod.
"Matt Galvin" <mattg...@reply-to-newsgroup.com> wrote in message
news:3e65...@newsgroups.bea.com...