• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Problem with the url-pattern for my filter-mapping

 
Brandi Fagerland
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am trying to use a Filter to interrupt the container before j_security_check is run on login.
So I need to set "j_security_check" as the url-pattern for my filter-mapping in my web.xml file:
<filter-mapping>
<filter-name>SecurityGroupFilterCheck</filter-name>
<url-pattern>j_security_check</url-pattern>
</filter-mapping>
But I get the following error when I try to do this:
"java.lang.IllegalArgumentException: Invalid <url-pattern> j_security_check in filter mapping"
Any ideas?
Thanks!
 
Gregg Bolinger
GenRocket Founder
Ranch Hand
Posts: 15302
6
Chrome IntelliJ IDE Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Try doing:

The addition is the / before the j_security_check.
BTW - I have been trying to figure out how to do something, and your question helped me find the answer. So thanks to you.
[ January 07, 2004: Message edited by: Gregg Bolinger ]
 
Brandi Fagerland
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Awesome. Glad to have helped.
I added the "/" and I no longer get the error, but I also don't seem to be getting into the Filter. I get a 403 Forbidden Page. Could be a different problem on my end but if you have any more thoughts that would be great.
Thanks to you too.
Brandi
 
Gregg Bolinger
GenRocket Founder
Ranch Hand
Posts: 15302
6
Chrome IntelliJ IDE Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't know if we are trying to do the same thing or not, but maybe we can help each other out because I can't get mine to work either.
Basically, I want to use Tomcats authentication and authorization methods. However, I need to store additional information in a Bean about the user beyond what j_security_check does for me. So I thought if I made a filter that would be accessed before j_security_check was accessed I could use it it do a psuedo user check, and if valid, load the extra credentials in the session then forward on to j_security_check for it to do it's thing.
But this just isnt' working out and I can't tell why.
 
Andres Gonzalez
Ranch Hand
Posts: 1561
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
[GB : ]So I thought if I made a filter that would be accessed before j_security_check was accessed I could use it it do a psuedo user check, and if valid, load the extra credentials in the session then forward on to j_security_check for it to do it's thing.
hmm.. I'm just asking to myself why you would want to load user stuff without being sure that the user is actually who he/she claims to be? could you share with me the reason for that?
 
Gregg Bolinger
GenRocket Founder
Ranch Hand
Posts: 15302
6
Chrome IntelliJ IDE Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Andres Gonzalez:
[GB : ]So I thought if I made a filter that would be accessed before j_security_check was accessed I could use it it do a psuedo user check, and if valid, load the extra credentials in the session then forward on to j_security_check for it to do it's thing.
hmm.. I'm just asking to myself why you would want to load user stuff without being sure that the user is actually who he/she claims to be? could you share with me the reason for that?

This is going to sound like I am doubling the work, but I am going to validate the user. I will verify the username and password with my filter. Then I will load the extra credentials into my UserBean and put that in the session. Then, I will let j_security_check do it's thing. The reason I want to do this is because I personally don't want to perform the athorization logic for every page to determine what ROLE the user is in. I would rather Tomcat just do that. Hope that makes sense.
 
Brandi Fagerland
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Gregg,
Would be happy to work with you on it. That's pretty much what I'm trying to do too. I want to add the user to an LDAP group before letting j_security_check do its thing. I don't know that I have any ideas right now for us, but will continue to work on it and let you know what I find.
Thanks,
Brandi
 
Gregg Bolinger
GenRocket Founder
Ranch Hand
Posts: 15302
6
Chrome IntelliJ IDE Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
From what I have been reading, it looks like that using the HttpClient API from Jakarta Commons will allow you to do this somehow. I am just having a hard time finding some sample code. But I will let you know if I find out...
 
krishna kuchi
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
cool dude
i am doing the same thing but not with html or jsp but with files in the web server.
Tomcat with our index.jsp or index.html shows the files in the server so from that user can access the files and i am thinking about access control in that.
Thanks
Maruthi kuchi
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic