> Previously, we implemented security via a filter that
> checked a cookie something like this:
>
> if ( !cookie.isSet() ) {
>     if ( parameter.isSet() ) {
>         cookie.set( parameter );
>     } else {
>         redirectTo( loginPage );
>     }
> }
>
> The loginPage was in a different domain so it
> couldn't set the cookie directly; instead it set a
> parameter which the filter turned into a cookie.
> Now we have a ServerAuthModule implementation that
> has the same logic.
>
> And... the filter is still in place.
>
> I had thought that by using the same cookie for the
> ServerAuthModule and the filter that the filter would
> see the cookie was set and no longer redirect.
I would expect that as well.
> But... the log shows a number of
> IllegalStateExceptions which come down to a line in
> the filter like: response.sendRedirect( loginPage ).
>
> It is as if it is still hitting the filters after my
> ServerAuthModule should have redirected to the login
> page.
Do you forward from the SAM to the loginPage?
I think the filter could have been configured to run on the forward.
> Is that possible?
>
> If so, is there some way to prevent it?
I don't understand the sequence of events well enough to comment.
Ron
[Message sent by forum member 'monzillo' (monzillo)]
http://forums.java.net/jive/thread.jspa?messageID=279286
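
One way to make the filter from the question tolerate a response that has already been sent, and to log whether it is being invoked on a forward, as the reply asks. This is an added example, not code from the thread; the class name, AUTH_NAME and LOGIN_PAGE are hypothetical, and it assumes a Servlet 2.4+ container.

```java
import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example. AUTH_NAME and LOGIN_PAGE are hypothetical placeholders.
public class CookieCheckFilter implements Filter {
    private static final Logger LOG = Logger.getLogger("CookieCheckFilter");
    private static final String AUTH_NAME = "authToken";               // assumed cookie/parameter name
    private static final String LOGIN_PAGE = "https://login.example/"; // placeholder URL

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        if (hasCookie(req)) {              // cookie present: let the request through
            chain.doFilter(rq, rs);
            return;
        }
        // The container sets this attribute on RequestDispatcher.forward() (Servlet 2.4+).
        boolean forwarded = req.getAttribute("javax.servlet.forward.request_uri") != null;
        LOG.info("no cookie: uri=" + req.getRequestURI()
                + " forwarded=" + forwarded + " committed=" + res.isCommitted());

        if (res.isCommitted()) {
            // Something upstream already sent a response; sendRedirect() would throw
            // IllegalStateException. Stop here and do not run the protected resource.
            return;
        }
        String token = req.getParameter(AUTH_NAME);
        if (token != null) {               // login page handed the value back as a parameter
            res.addCookie(new Cookie(AUTH_NAME, token));
            chain.doFilter(rq, rs);
        } else {
            res.sendRedirect(LOGIN_PAGE);
        }
    }

    private static boolean hasCookie(HttpServletRequest req) {
        Cookie[] cookies = req.getCookies();   // null when the request carries no cookies
        if (cookies == null) return false;
        for (Cookie c : cookies) {
            if (AUTH_NAME.equals(c.getName())) return true;
        }
        return false;
    }
}
```

In web.xml, a filter-mapping with no dispatcher element applies to REQUEST dispatches only; the filter runs on forwards only when FORWARD is listed as a dispatcher for that mapping.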