5 Replies Latest reply on Sep 11, 2002 10:05 PM by Giampaolo Tranchida

    filter for j_security_check action

    Dmitry Newbie

      I'm trying to get some hooks to the j_security_check action. So the first thing that comes to mind is to write filter that will grab j_security_check.

      I've done that but my filter never get's invoked.
      Is it a standard behaviour for the j_security_check not to go through the pipeline or I'm doing something wrong?

      Dmitry

        • 1. Re: filter for j_security_check action
          Dmitry Newbie

          As I already said before, the filter does not work for j_security_check action. But I've tried to implement servlet that redirects the request to the j_security_check.
          So the way it works:
          in login.jsp form action I specify my servlet instead of j_security_check (along with j_password and j_username ),
          the servlets doPost method does some custom logic and redirects the request to j_security_check action.

          Not exactly perfect, but works. I'd rather had a hook after the systems authentication done. Oh well...

          Folks, please let me know if there is something really wrong with what I'm trying to do.

          Dmitry A.

          • 2. Re: filter for j_security_check action
            Dmitry Newbie

            To reiterate what I wrote before:
            1. the filters do work as well as the servlets (I was using bad filter url)
            2. In order to redirect properly to the j_security_check, j_username and j_password must be passed from the request object to the responce, here is the code for the doFilter method:

            public void doFilter(ServletRequest request,
            ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
            if (filterConfig == null)
            return;

            HttpServletResponse httpResponse = (HttpServletResponse)response;
            HttpServletRequest httpRequest = (HttpServletRequest) request;
            String redirectString = "j_security_check";
            logger.debug( "Sending redirect to: " + redirectString);

            String username = httpRequest.getParameter("j_username");

            String password = httpRequest.getParameter("j_password");

            logger.debug("j_username:" + username );
            logger.debug("j_password:" + password );

            httpResponse.sendRedirect( redirectString +"?j_username="+username+"&j_password="+password );

            chain.doFilter(httpRequest, httpResponse);
            }


            • 3. Re: filter for j_security_check action
              steve richardson Newbie

              Hi, what was the filter you specified? I tried the filter mapping below and the authentication occurs without the filter ever being invoked. Any ideas?

              <filter-mapping>
              <filter-name>security-check-filter</filter-name>
              <url-pattern>/j_security_check</url-pattern>
              </filter-mapping>

              • 4. Re: filter for j_security_check action
                Giampaolo Tranchida Newbie

                use something else than /j_security_check for example /login

                • 5. Re: filter for j_security_check action
                  Giampaolo Tranchida Newbie

                  Use something else than /j_security_check for example /login

                  Do not forget to change also the form action