This content has been marked as final.
Show 2 replies
-
1. Re: Filters not applied to form-login-page
starksm64 Nov 18, 2004 3:02 PM (in response to coby)This is a feature of tomcat. Read this long discussion which concludes that
I received a clarification from Yutaka Yoshida (lead for the 2.4 spec) with this clarification:
"In regards to this issue, servlet EG had a consensus that Filter must not be applied for j_security_check. We believe the application component should not be involved in the container-managed security. Although we understand why people are using filter to manipulate the authentication mechanism, it doesn't solve all issues related to the security and must be addressed in a larger scope of the portable authentication mechanism, which I expect to have in the next version of the specification. "
http://issues.apache.org/bugzilla/show_bug.cgi?id=21795 -
2. Re: Filters not applied to form-login-page
coby Nov 18, 2004 3:34 PM (in response to coby)Thanks for the quick reply, however the issue for my webapp isn't that a Filter is not being applied to j_security_check, it's that the Filter is not being applied to the login-form-page (the page that does a POST to j_security_check).
Regardless, it sounds like this is a tomcat issue, and not a JBoss issue, so I'll looking for answers over there.
Thanks,
Coby