SecurityFilter redirects to login page again...

Peet - 11 Jun 2006 16:06 GMT
Hi All,

I have a problem around authenticating with SecurityFilter, and can't
see the reasons...
Container is Tomcat 5.5.9.
The problem is:
After successful authentication, the response is the login page again,
although the form-default-page property for securityfilter is
redirect.jsp, where I redirect users to the proper role's starting
page. If I input and send user information again, the redirect works
properly. Just for the second time... I can't see the reasons... I have
already used securityfilter, and haven't had this error there.
I have debugged redirect.jsp, and could see that the line
"response.sendRedirect(basePath + "admin/index.jsp")" has run, but the
result is the login page again...

Any idea, please...?

redirect.jsp's running section:

<%@ page language="java" import="java.util.*"
pageEncoding="iso-8859-2"%>
<%
String path = request.getContextPath();
String basePath =
request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
if(request.isUserInRole("admin")){
    response.sendRedirect(basePath + "admin/index.jsp");
    System.out.println(basePath + "admin/index.jsp");
}else if(request.isUserInRole("modifier")){
    response.sendRedirect(basePath + "modifier/index.jsp");
}else if(request.isUserInRole("inquirier")){
    response.sendRedirect(basePath + "inquirier/index.jsp");
}else {
    response.sendRedirect(basePath + "index.jsp");
}

%>

*******************************************************
securityfilter-config.xml:

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE securityfilter-config PUBLIC
   "-//SecurityFilter.org//DTD Security Filter Configuration 2.0//EN"
   "http://www.securityfilter.org/dtd/securityfilter-config_2_0.dtd">

<securityfilter-config>

    <!--  security configuration START-->
    <!--  admin resources START-->
    <security-constraint>
           <web-resource-collection>
                   <web-resource-name>Admin resources</web-resource-name>
                   <description>accessible by authenticated users of the admin role</description>
                   <url-pattern>/admin/*</url-pattern>
                   <http-method>GET</http-method>
                   <http-method>POST</http-method>
                   <http-method>PUT</http-method>
                   <http-method>DELETE</http-method>
           </web-resource-collection>
           <auth-constraint>
                   <description>These roles are allowed access</description>
                   <role-name>admin</role-name>
           </auth-constraint>
    </security-constraint>
    <!--  admin resources END-->

    <login-config>
           <auth-method>FORM</auth-method>
           <realm-name>lm realm</realm-name>
           <form-login-config>
                   <form-login-page>/index.jsp</form-login-page>
                   <form-error-page>/index.jsp?badpassw=Y</form-error-page>
                   <form-default-page>/redirect.jsp</form-default-page>
           </form-login-config>
    </login-config>

    <security-role>
           <description>admin role has access to this web application</description>
           <role-name>admin</role-name>
    </security-role>

    <realm className="org.securityfilter.realm.catalina.CatalinaRealmAdapter" />

    <realm  className="org.apache.catalina.realm.JDBCRealm">
       <realm-param name ="driverName" value="com.microsoft.jdbc.sqlserver.SQLServerDriver" />
       <realm-param name ="connectionURL" value="jdbc:microsoft:sqlserver://127.0.0.1:1433;DatabaseName=db_licencemanager;User=myuser;Password=mypassword;SelectMethod=cursor" />
       <realm-param name ="connectionName" value="myuser" />
       <realm-param name ="connectionPassword" value="mypassword" />
       <realm-param name ="userTable" value="users" />
       <realm-param name ="userNameCol" value="user_name" />
       <realm-param name ="userCredCol" value="password" />
       <realm-param name ="userRoleTable" value="user_roles" />
       <realm-param name ="roleNameCol" value="role_name" />
    </realm>

    <!-- <realm className="org.apache.catalina.realm.MemoryRealm" /> -->

    <!-- security configuration END-->

</securityfilter-config>

*******************************************************
web.xml:

<?xml version="1.0" encoding="ISO-8859-1" ?>

<!DOCTYPE web-app PUBLIC
  "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>
    <!--  filter: securityfilter configuration START-->
    <filter>
         <filter-name>Security Filter</filter-name>
         <filter-class>org.securityfilter.filter.SecurityFilter</filter-class>
         <init-param>
            <param-name>config</param-name>
            <param-value>/WEB-INF/securityfilter-config.xml</param-value>
         </init-param>
         <init-param>
            <param-name>validate</param-name>
            <param-value>true</param-value>
         </init-param>
    </filter>

    <!-- map all requests to the SecurityFilter, control what it does with configuration settings -->
   <filter-mapping>
          <filter-name>Security Filter</filter-name>
         <url-pattern>/*</url-pattern>
   </filter-mapping>
    <!--  filter: securityfilter configuration END-->
 <servlet>
   <servlet-name>action</servlet-name>
   <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
   <init-param>
     <param-name>config</param-name>
     <param-value>/WEB-INF/struts-config.xml</param-value>
   </init-param>
   <init-param>
     <param-name>debug</param-name>
     <param-value>3</param-value>
   </init-param>
   <init-param>
     <param-name>detail</param-name>
     <param-value>3</param-value>
   </init-param>
   <load-on-startup>0</load-on-startup>
 </servlet>
 <servlet-mapping>
   <servlet-name>action</servlet-name>
   <url-pattern>*.do</url-pattern>
 </servlet-mapping>
</web-app>

Thanks in advance...
Peter
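
A check of the posted configuration against the redirect targets, as an added example (not part of the original post and not SecurityFilter's own code): it matches each path that redirect.jsp sends a role to against the security-constraint url-patterns and reports the roles required. The CONFIG excerpt and REDIRECT_TARGETS table are constructed from the post, and servlet-spec style pattern matching is an assumption about how the filter evaluates url-pattern.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt of the posted securityfilter-config.xml, reduced to
# the elements this check reads (url-pattern and role-name).
CONFIG = """<securityfilter-config><security-constraint>
  <web-resource-collection><url-pattern>/admin/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>admin</role-name></auth-constraint>
</security-constraint></securityfilter-config>"""

# Context-relative paths that the posted redirect.jsp sends each role to.
REDIRECT_TARGETS = {
    "admin": "/admin/index.jsp",
    "modifier": "/modifier/index.jsp",
    "inquirier": "/inquirier/index.jsp",
    None: "/index.jsp",  # final else branch
}

def pattern_matches(pattern, path):
    """Servlet-spec style match (assumed): exact, '/prefix/*', '*.ext'."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == path

def load_constraints(xml_text):
    """Return a list of (url_patterns, roles), one per security-constraint."""
    root = ET.fromstring(xml_text)
    return [([p.text.strip() for p in sc.iter("url-pattern")],
             [r.text.strip() for r in sc.iter("role-name")])
            for sc in root.iter("security-constraint")]

def audit(xml_text, targets):
    """Map each target path to the roles required to reach it.
    An empty list means no constraint matches: the path is unprotected."""
    constraints = load_constraints(xml_text)
    result = {}
    for path in targets.values():
        result[path] = [role for patterns, roles in constraints
                        if any(pattern_matches(p, path) for p in patterns)
                        for role in roles]
    return result

if __name__ == "__main__":
    for path, roles in audit(CONFIG, REDIRECT_TARGETS).items():
        print(path, "->", roles or "NO CONSTRAINT")
```

With the configuration as posted, only /admin/index.jsp is covered by a constraint; the modifier and inquirier landing pages match none.
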
Peet - 12 Jun 2006 13:54 GMT
Some additional information:

When I try to access some resources within the protected area, after
authentication the redirect is correct.
The above-described error exists only when I try to do a direct login,
and hope to be redirected to the form-default-page...

Peet

> Hi All,
>
[quoted text clipped - 165 lines]
> Thanks in advance...
> Peter

