I have a webapplication with a Springs CAS Filter (Servletfilter) mapped to "/*" (I can't change this setting due to the specifications of the project. So, due to the * mapping every request is forwarded to the CAS Authentication page (so far so good).
My task is to build a second login for administrators which should not interact with the CAS-Authentication. So I programmed a second Filter (Adminfilter) and in the end I am here with the following filter mapping (in this order).
1. /admin/* (Everyadmin request should be handled by the Adminfilter)
2. /* (General requests should be handled by the CAS Filter)
If the url /admin is used my Adminfilter redirects to the admin login (no chain.do is processed just a redirect). So far so good. But the login page is bound to a JSF-Request Bean actionMethod for the admin login. As you might conclude after the login request is send the Adminfilter is processed, but if I don't execute chain.do the request is cancelled at that point and the JSF function will not be processed. But if I do chain.do the cas Filter is executed (which I don t want to be happen).
I need a way to skip the filter chain. Filter A is executed and should finish afterwards but I don't want to cancel the request. All following Filters should not be executed!
Hope you got some ideas on my problem since I am stuck here for now.
One possible solution
1) After 'admin' is successfully logged in, add the 'admin' user to the session (some flag,and/or admin user details).
2) Add another filter to bypass cas login if admin is logged in. (check the session variable)
haven't give it a lot of thought, but can work I feel
Just recognized, my solution will not work .. unless you also modify the CAS filter (source code)
Joined: Oct 11, 2009
today I figured it out somehow. I came up with the idea of using a RequestDispatch to forward the requestURI taken from the request (sth like RequestDispatcher rd = request.getRequestDispatcher(request.getRequestURI()); rd.forward();
That works since the request is forwarded to the actual requested URL .... and the controller method is also invoked cause the request wasn't cancelled.