views:

1088

answers:

3

Hi,

So we are running a web application that has been tested on Tomcat, Glassfish, WebLogic and WebSphere. All run correctly except WebSphere. The issue is that filters are not processed for files under a certain directory.

For example I have a filter that checks the user's lanuage from browser cookies and another that get the user's username, in the web.xml there are configured like so:

<!-- ****************************** -->
<!-- * Security context filtering * -->
<!-- ****************************** -->

<filter>
 <filter-name>SetSecurityContextFilter</filter-name>
 <filter-class>
  com.test.security.SecurityContextServletFilter
 </filter-class>
</filter>

<!-- ****************************** -->
<!-- ** Locale context filtering ** -->
<!-- ****************************** -->

<filter>
 <filter-name>SetLocaleFilter</filter-name>
 <filter-class>
  com.test.locale.LocaleServletFilter
 </filter-class>
</filter>

<filter-mapping>
 <filter-name>SetSecurityContextFilter</filter-name>
 <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
 <filter-name>SetLocaleFilter</filter-name>
 <url-pattern>/*</url-pattern>
</filter-mapping>

Both filters set a static threadlocal variable which can be accessed from a static getter, but when the same file 'test.jsp' invokes the getters, under 'contextroot/js' they return the default values (as if unset) while under 'contextroot/pages' they are correct.

Any ideas?

Thanks in advance.

+1  A: 

I have discovered what the problem was!

In my web.xml further down I have this:

    <security-constraint>
     <web-resource-collection>
      <web-resource-name>Test Application</web-resource-name>
      <url-pattern>/pages/*</url-pattern>
     </web-resource-collection>
     <auth-constraint>
             ...
     </auth-constraint>
    </security-constraint>

If I change the URL pattern to '/*' so that every page under the context root requires a login, all filters are correctly run, all the time. This does however mean that my login page doesn't have access to any css files but that's another problem!

Cheers.

Ed
A: 

Defining your login page as the form-login-page might help it get css resources as follows <form-login-config> <form-login-page>/Login.jsp</form-login-page>

Shreeni
A: 

/* is working, but the images, css and js files are not being included. any work-around is appreciated

kim