wood burning stoves 2.0*
The moose likes Servlets and the fly likes Problem with the url-pattern for my filter-mapping Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Problem with the url-pattern for my filter-mapping" Watch "Problem with the url-pattern for my filter-mapping" New topic
Author

Problem with the url-pattern for my filter-mapping

Brandi Fagerland
Greenhorn

Joined: Dec 15, 2003
Posts: 3
I am trying to use a Filter to interrupt the container before j_security_check is run on login.
So I need to set "j_security_check" as the url-pattern for my filter-mapping in my web.xml file:
<filter-mapping>
<filter-name>SecurityGroupFilterCheck</filter-name>
<url-pattern>j_security_check</url-pattern>
</filter-mapping>
But I get the following error when I try to do this:
"java.lang.IllegalArgumentException: Invalid <url-pattern> j_security_check in filter mapping"
Any ideas?
Thanks!
Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15299
    
    6

Try doing:

The addition is the / before the j_security_check.
BTW - I have been trying to figure out how to do something, and your question helped me find the answer. So thanks to you.
[ January 07, 2004: Message edited by: Gregg Bolinger ]

GenRocket - Experts at Building Test Data
Brandi Fagerland
Greenhorn

Joined: Dec 15, 2003
Posts: 3
Awesome. Glad to have helped.
I added the "/" and I no longer get the error, but I also don't seem to be getting into the Filter. I get a 403 Forbidden Page. Could be a different problem on my end but if you have any more thoughts that would be great.
Thanks to you too.
Brandi
Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15299
    
    6

I don't know if we are trying to do the same thing or not, but maybe we can help each other out because I can't get mine to work either.
Basically, I want to use Tomcats authentication and authorization methods. However, I need to store additional information in a Bean about the user beyond what j_security_check does for me. So I thought if I made a filter that would be accessed before j_security_check was accessed I could use it it do a psuedo user check, and if valid, load the extra credentials in the session then forward on to j_security_check for it to do it's thing.
But this just isnt' working out and I can't tell why.
Andres Gonzalez
Ranch Hand

Joined: Nov 27, 2001
Posts: 1561
[GB : ]So I thought if I made a filter that would be accessed before j_security_check was accessed I could use it it do a psuedo user check, and if valid, load the extra credentials in the session then forward on to j_security_check for it to do it's thing.
hmm.. I'm just asking to myself why you would want to load user stuff without being sure that the user is actually who he/she claims to be? could you share with me the reason for that?


I'm not going to be a Rock Star. I'm going to be a LEGEND! --Freddie Mercury
Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15299
    
    6

Originally posted by Andres Gonzalez:
[GB : ]So I thought if I made a filter that would be accessed before j_security_check was accessed I could use it it do a psuedo user check, and if valid, load the extra credentials in the session then forward on to j_security_check for it to do it's thing.
hmm.. I'm just asking to myself why you would want to load user stuff without being sure that the user is actually who he/she claims to be? could you share with me the reason for that?

This is going to sound like I am doubling the work, but I am going to validate the user. I will verify the username and password with my filter. Then I will load the extra credentials into my UserBean and put that in the session. Then, I will let j_security_check do it's thing. The reason I want to do this is because I personally don't want to perform the athorization logic for every page to determine what ROLE the user is in. I would rather Tomcat just do that. Hope that makes sense.
Brandi Fagerland
Greenhorn

Joined: Dec 15, 2003
Posts: 3
Gregg,
Would be happy to work with you on it. That's pretty much what I'm trying to do too. I want to add the user to an LDAP group before letting j_security_check do its thing. I don't know that I have any ideas right now for us, but will continue to work on it and let you know what I find.
Thanks,
Brandi
Gregg Bolinger
GenRocket Founder
Ranch Hand

Joined: Jul 11, 2001
Posts: 15299
    
    6

From what I have been reading, it looks like that using the HttpClient API from Jakarta Commons will allow you to do this somehow. I am just having a hard time finding some sample code. But I will let you know if I find out...
krishna kuchi
Greenhorn

Joined: Jan 17, 2004
Posts: 2
cool dude
i am doing the same thing but not with html or jsp but with files in the web server.
Tomcat with our index.jsp or index.html shows the files in the server so from that user can access the files and i am thinking about access control in that.
Thanks
Maruthi kuchi
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Problem with the url-pattern for my filter-mapping