authenticationFailureUrl redirect

[yanke]

Hi,
if the user fails to login (ex. wrong password), I want to redirect him to a loginerror.jsp page.
I have defined that the login page (acegilogin.jsp) requires a secure channel (via channelProcessingFilter) but I forgot to specify (should I?) that also the loginerror.jsp page use the same channel.

With this situation I had a very strange behavior:

When the AbstractProcessingFilter.doFilter() method fails to attemptAuthentication() [line 296] it decides the failureUrl and calls httpResponse.sendRedirect(httpResponse.encodeRedir ectURL(httpRequest .getContextPath() + failureUrl)); [line 335]

Unfortunately since my failureUrl requires a different channel (insecure) the application is not able to the forward to loginerror page. Tomcat goes in loop (class Http11Processor.java beetween lines 754 and 859) and the browser waits an answer forever.

Now I have defined loginerror.jsp requires a secure channel and everything works ok....

My question is, is it possible to generate an exception for this kind of error so that it is easier for the developer to find out the problem? or, should it be possible to redirect to a page with a different channel?, how?

thanks in advance,
yanke

[Ben Alex]

I've looked at the AbstractProcessingFilter code but cannot see why this would cause an infinite loop.

Is some Acegi Security code looping? Or is it solely within Tomcat? Would it be possible to give me some clue as to what code is looping and why? Alternatively, if you develop a check for the problematic configuration I would be happy to check it into CVS.