Results 1 to 4 of 4

Thread: acegilogin.jsp through Spring controllers?

Hybrid View

  1. Dec 19th, 2004, 03:19 PM #1
    eisenb
    eisenb is offline Member
    Join Date
    Oct 2004
    Posts
    53

    Default acegilogin.jsp through Spring controllers?

    Hello Again,

    One of my design objectives is to hide my view technology from the user, so I am interested in routing the login through my controllers.

    In my simple experiment, I placed the contents of acegilogin.jsp into my protected WEB-INF/jsp directory and provided handling through the signin.htm URI. In addition, I updated the applicationContext.xml so that it referred to this URI instead of acegilogin.jsp. I left the other configuration the same.

    The result of this experiment was that I was able to get my sign in page, but every submission ended in a credentials error. I'm not completely sure why this didn't work. I was wondering if somehow the filters are not getting the opportunity to perform the security check.

    If there is a way to get the desired behavior, I would appreciate it.

    Thanks,
    Bill
  2. Dec 20th, 2004, 05:16 AM #2
    Ben Alex
    Ben Alex is offline Senior Member Spring Team
    Join Date
    Aug 2004
    Location
    Sydney, Australia
    Posts
    2,768

    Default

    Did you keep the j_username and j_password and form post to j_acegi_security_check the same? Acegi Security has a filter which watches out for requests to that URI and expects those form parameters to be presented. Aside from that it doesn't have any dependencies on your form.
  3. Dec 20th, 2004, 10:00 AM #3
    eisenb
    eisenb is offline Member
    Join Date
    Oct 2004
    Posts
    53

    Default

    I think I've actually figured out what may be the problem. As represented previously, I've renamed and relocated the contents of acegilogin.jsp into signin.jsp and so it gets routed through my controller with the signin.htm URI.

    I want to force HTTPS for this, so I have the forceHttps setting set to true. This works fine for when protected resources are requested. However, a user can request this same URI without HTTPS if channel security is not present. This is unwanted behavior.

    So I added the /signin.htm to the channel security so that it forces HTTPS. This apparently causes a problem such that credentials cannot be found. Have I done something wrong in getting the desired behavior?

    Thanks,
    Bill
  4. Dec 20th, 2004, 11:43 AM #4
    eisenb
    eisenb is offline Member
    Join Date
    Oct 2004
    Posts
    53

    Default

    By the way, I am using Tomcat 5.0.28 and running everything standalone for now.

    I had noticed that when I tried to integrate just the channel security filters that my session data seemed to get "lost". Its possible that the root cause of this misbehavior lies with my container. That said, I haven't managed to run across the antedote.

    If this seems like a likely cause, I'd appreciate a tip on what is going on and why.

    Thanks,
    Bill
« Previous Thread | Next Thread »

Similar Threads

  1. Spring MVC Web Framework versus Struts
    By biguniverse in forum Web Flow
    Replies: 27
    Last Post: Aug 29th, 2012, 03:57 AM
  2. Aurora MVC for Spring to be open-sourced soon.
    By egervari in forum Web
    Replies: 5
    Last Post: Aug 9th, 2008, 05:30 AM
  3. Gaijin Studio for Spring MVC 0.9.2 Released
    By dadams in forum Announcements
    Replies: 8
    Last Post: May 30th, 2007, 10:48 PM
  4. Spring MVC Component-like Controllers
    By harmen in forum Web
    Replies: 4
    Last Post: Aug 8th, 2005, 01:58 AM
  5. Spring Framework / Spring Rich Client Library Hell?
    By steve_smith in forum Swing
    Replies: 14
    Last Post: Feb 21st, 2005, 05:41 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules