Hi list,
first, I'm talking about Tomcat 5.0.28, but maybe those questions / pronlems
arise for other version, too.
We do have an application here which is making heavy use of frame, and
frames inside those frame and frames inside.... you know what I mean.
Our developes thought it to be a good idea, and now we can deal with the
pronlems arising.
Whn the session times out, Tomcat leads me to the login-screen - so far, so
good. However, after logging in, Tomcat doesn't know that the RequestedURL
stored in Session is in a framed view, meaning, I see the target without the
framed view.
My first approach was creating a Filter, however, I can not write any Filter
filtering j_security_check since the servlet-specs discourage this (although
Websphere supports it, but that's another story...).
So I thought about a valve...
I wrote a valve which inherits from FormAuthenticator, however, when putting
the Valve-definition itnto server.xml, I get a lot of XML-pasring-messages
(the xml iswrite, it tells me that no Context would be defined). If this
valve inherits from ValveBase, everything is fine.
What I want to do is to overwrite the original requested URL which ist
stored in Session (and where jsecurity_check forwards to), however, to need
to get hold on the Session-object, and therefore I need a Manager-Object,
and I don't see a way to do this.
Here's a snippet of the code:
protected Session getSession(HttpServletRequest aRequest, boolean create)
{
HttpSession hses = aRequest.getSession(create);
if (hses == null)
return (null);
Manager manager = aContext.getManager();
if (manager == null)
return (null);
else {
try {
return (manager.findSession(hses.getId()));
} catch (IOException e) {
return (null);
}
}
}
The variable "aContext" above is a ValveContext, and as you can imagine, I
don't need a ValveContext but org.apache.Catalina.Context... *sic*
No if I inherit my Valve from ValveBase, I don't see any way (I've read the
Catalina-Source 'til my eyes dropped out to no extend...)
Has any of you guys an idea how I can achieve what I want to (namely that
j_security_check does route to my https://myapp/index.html instead of the
saved one within FormAutheticator's Session?
Genereting a FrameBreakout is not an option, since we got tons of pages and
all are *sic* generated...
Hope my mail wasn't to confusing, if so, sorry, but I'm quite confused
myself now....
Greetings from the grounds of distress....
Greg
--
what's puzzlin' you, is the nature of my game
