Servlet filtering for 2.4 API

**vtatai** · May 30th, 2005, 10:49 AM

Hello,

I know that servlet forwards (as opposed to redirects) arent supposed to be secured by ACEGI as per the post below:

http://forum.springframework.org/showthread.php?t=11025

However when using a 2.4 servlet container a filter can be used to intercept forwards (as the last post on the above thread points out). But checking the FilterSecurityInterceptor code I noticed that it does not apply the filter for requests that were already verified, so when the filter is invoked for forwards the access is not secured anymore. I tried simply removing this check and security works just fine for both requests and forwards. Is there a reason why this repeated security check is avoided, or it can be safely removed?

Regards,

Victor

**Ben Alex** · Jun 24th, 2005, 08:32 PM

We should make the behaviour switchable. I've added a task to JIRA: http://opensource.atlassian.com/proj.../browse/SEC-14

**Ben Alex** · Jun 26th, 2005, 10:58 PM

JIRA task resolved. Will be in 0.9.0.

**vtatai** · Jun 27th, 2005, 12:49 PM

Thanks a lot Ben!

Regards,

Victor

Thread: Servlet filtering for 2.4 API

Thread Tools

Display

Servlet filtering for 2.4 API

Similar Threads

Servlet writing byte[] image in jsp page

ACL based servlet filtering

forwarding to a servlet in another context

May I advice a Servlet?

Form Simplication Tags for JSP 1.2 and Servlet 2.3

Posting Permissions