users@glassfish.java.net

ServerAuthModule versus Filter

From: <glassfish_at_javadesktop.org>
Date: Mon, 09 Jun 2008 14:32:58 PDT

Previously, we implemented security via a filter that checked a cookie something like this:
 
    if ( !cookie.isSet() ) {
        if ( parameter.isSet() ) {
            cookie.set( parameter );
        } else {
            redirectTo( loginPage );
        }
    }

The loginPage was in a different domain so it couldn't set the cookie directly; instead, it set a parameter, which the filter turned into a cookie.

Pretty straightforward.

Now we have a ServerAuthModule implementation that has the same logic.

And... the filter is still in place.

I had thought that, by using the same cookie for the ServerAuthModule and the filter, the filter would see the cookie was set and no longer redirect.

But... the log shows a number of IllegalStateExceptions which come down to a line in the filter like: response.sendRedirect( loginPage ).

It is as if it is still hitting the filters after my ServerAuthModule should have redirected to the login page.

Is that possible?

If so, is there some way to prevent it?
[Message sent by forum member 'brian_of_fortent' (brian_of_fortent)]

http://forums.java.net/jive/thread.jspa?messageID=279269