Web tier: servlets, JSP, Web frameworks: I have problem with Filters and j_security_check on JBoss/Tomcat

  1. I have a problem with Filters and j_security_check.

    I need to do some additional actions after authentication and I decided to use a filter for j_security_check.

    Here is my filter code:

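    import java.io.IOException;
    import javax.servlet.*;

    public class PostLoginFilter implements Filter {

        // Required by the Filter interface; nothing to set up here.
        public void init(FilterConfig filterConfig) throws ServletException {
        }

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
                FilterChain filterChain) throws IOException, ServletException {

            System.out.println("Before j_security_check");
            filterChain.doFilter(servletRequest, servletResponse);
            System.out.println("After j_security_check");
            // My code here
            // ...
        }

        // Required by the Filter interface; nothing to release here.
        public void destroy() {
        }
    }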



    Web.xml

    <filter>
      <description>This filter is executed after login</description>
      <filter-name>PostLoginFilter</filter-name>
      <filter-class>PostLoginFilter</filter-class>
    </filter>

    <filter-mapping>
      <filter-name>PostLoginFilter</filter-name>
      <url-pattern>/j_security_check</url-pattern>
    </filter-mapping>




    Login page form:

    <form name="loginForm" method="get" action="j_security_check">
    Username: <input type="text" name="j_username"/>
    <br/>
    Password: <input type="password" name="j_password">
    <br/>
    <input type="submit" name="btnSubmit" value="Sign In" />
    </form>



    But JBoss/Tomcat does not execute it.

    I use JBoss 4.0.1SP1.

    I also tried with Tomcat 5.5.7, the same problem.

    Is it a Tomcat bug?
    Or does Tomcat not support filters on j_security_check?
  2. Hello

    I have the same problem
    I can't get login/password from users where
    j_security_check jsp/file

    Adding a filter to j_security_check doesn't work.
    That seems to be a bug?

    The only (BAD) solution for me is:

    make an authentify.jsp => servlet authentify => redirect to the requested URL hooked by the login page

    login.jsp
    <form method="POST" name="login" action="/oraux/j_security_check" >
    <input type="text" name="j_username" value="<%=the_last_input%>">
    <input type="password" name="j_password" value="<%=the_last_input%>">
    </form>

    <script>document.login.submit();</script>

    If you have a better solution please mail me.
    My solution is not nice but it exists.

    Denis
  3. A solution?

    I have seen this before. I think that the problem is setting your filter for /j_security_check. If you set your filter to the same pattern as your <web-resource-collection> you will see the filter working.

    <web-resource-collection>
      <web-resource-name>SecurePages</web-resource-name>
      <description>Security constraint /secure</description>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>

    <filter>
      <description>This filter is executed after login</description>
      <filter-name>PostLoginFilter</filter-name>
      <filter-class>PostLoginFilter</filter-class>
    </filter>

    <filter-mapping>
      <filter-name>PostLoginFilter</filter-name>
      <url-pattern>/secure/*</url-pattern>
    </filter-mapping>
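
Added example, not part of the original thread or any poster's code: one way to apply the mapping suggested in post 3, with the filter on the protected pattern `/secure/*` running the post-login work once per session, on the first request for which the container reports an authenticated user. It uses only the standard Servlet API; the session attribute name `postLogin.done` and the `afterLogin` helper are hypothetical.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Mapped to /secure/* (the protected pattern), not to /j_security_check.
public class PostLoginFilter implements Filter {

    // Hypothetical session attribute marking that the post-login work has run.
    private static final String DONE = "postLogin.done";

    private FilterConfig config;

    public void init(FilterConfig filterConfig) throws ServletException {
        this.config = filterConfig;
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;

        // Null until the container has authenticated the caller. The filter
        // never needs j_username or j_password; the container owns those.
        String user = request.getRemoteUser();

        if (user != null) {
            HttpSession session = request.getSession();
            if (session.getAttribute(DONE) == null) {
                afterLogin(user, request);
                session.setAttribute(DONE, Boolean.TRUE);
            }
        }
        chain.doFilter(req, res);
    }

    // Hypothetical stand-in for the "additional actions after authentication".
    private void afterLogin(String user, HttpServletRequest request) {
        config.getServletContext().log(
                "login user=" + user + " from=" + request.getRemoteAddr());
    }

    public void destroy() {
        config = null;
    }
}
```
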
  4. Is the characteristic (i.e. <url-pattern> must equal "j_security_check") peculiar only to JBoss and not a JAAS standard?

    For Websphere, it is recommended to use <url-pattern>/j_security_check</url-pattern> as indicated in this page.
  5. Just got my filter executed just now after I dropped the prefix "/" from j_security_check. I got the inspiration from here.
  6. Hold on to the champagne, as now I've been getting "ERROR [ContextConfig] Parse error in application web.xml
    java.lang.IllegalArgumentException: Invalid <url-pattern> j_security_check in filter mapping" !

    Only after putting back the "/" does the error disappear.

    This is very strange as there wasn't any problem for quite a while after the "/" was removed.

    Further searching through the internet reveals something discouraging about using a filter for j_security_check for JBoss. The site is here. In order to use a filter, one will need to write her own FormAuthenticator. As these are words from Scott Stark himself, we just have to take it.
  7. works in tomcat

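    This works on Tomcat..

    <filter>
      <filter-name>LoginFilter</filter-name>
      <filter-class>com.example.LoginFilter</filter-class>
    </filter>

    <filter-mapping>
      <filter-name>LoginFilter</filter-name>
      <url-pattern>/j_security_check</url-pattern>
      <dispatcher>REQUEST</dispatcher>
      <dispatcher>FORWARD</dispatcher>
    </filter-mapping>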
  8. Apologies

    Sorry.. looks like it doesn't work after all... j_security_check didn't cause the filter to kick off. Did some more investigation.. http://marc2.theaimsgroup.com/?l=tomcat-user&m=107558949928823&w=2
  9. WebSphere does it

    I found that WebSphere does support the filter approach. It does make sense that it would support it. I wonder why Tomcat or the spec said that it cannot be filtered. So I was wondering what we can do that is portable?