Problem with j_security_check

Splash Forums Rewrite Users Problem with j_security_check

This topic contains 8 replies, has 2 voices, and was last updated by  Lincoln Baxter III 8 years, 7 months ago.

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
  • #24227


    Hi Lincoln,

    I need your help again. I have configured Rewrite filter before our Security filer. Both with <url-pattern>/*</url-pattern>. My config is

    public Configuration getConfiguration(ServletContext context) {
        String prefix = moduleDescription.getPrefix();
        return ConfigurationBuilder.begin()
                          .addRule(Join.pathNonBinding("/views/{tail}").to("/" + prefix + "/views/{tail}"))
                          .addRule(Join.pathNonBinding("/sections/{tail}").to("/" + prefix
                                                                                    + "/sections/{tail}"));

    If I request a page, say http://localhost:8080/XYZ/views/list.jsf, I see the login page http://localhost:8080/XYZ/views/login.jsf The login page is ok. After login, I only see an exception and the URL in browser is http://localhost:8080/XYZ/views/j_security_check. I’ve debugged and could see that the request after login doesn’t go through our Security Filter. The session is invalid then (no logged in user) and the exception thrown.

    The XML config for our Security filter looks like (just that you could see some details)

    <?xml version="1.0" encoding="ISO-8859-1"?>
    				Client Secure Resources
    	<realm className="ip.client.commons.web.secfilter.realm.IPUsersMgmtSecurityRealmOrgUnit" />
    			<web-resource-name>JSF 2 Resources</web-resource-name>
    			<description>bypass JSF 2 resources loading</description>
    			<web-resource-name>Login Page</web-resource-name>
    			<description>bypass the login page</description>
    			<web-resource-name>Logout Page</web-resource-name>
    			<description>bypass the logout page</description>

    Do you have any ideas maybe what could be wrong here? Why the request doesn’t go through the second Security filter? I’m sure this is a quite simple and stupid question you have answered many times :-).

    Thanks in advance.

    • This topic was modified 8 years, 7 months ago by  Oleg.
    • This topic was modified 8 years, 7 months ago by  Oleg.
    • This topic was modified 8 years, 7 months ago by  Oleg.
    • This topic was modified 8 years, 7 months ago by  Oleg.
    • This topic was modified 8 years, 7 months ago by  Oleg.
    • This topic was modified 8 years, 7 months ago by  Oleg.

    Does your security filter handle <dispatch-type>FORWARD</dispatch-type> ?



    I don’t see any dispatch-type in web.xml (tag is missing). We use Servlet 3.0 in this JSF application. The spec. says “If you do not specify any <dispatcher> elements, then the default is REQUEST.” So, the answer to your question is no.

    Note: The filter is ca. 10 years old. We never used FORWARD. I would stay with REQUEST if possible.

    • This reply was modified 8 years, 7 months ago by  Oleg.

    Ok, then you have two choices. Either re-order the servlet filter to put the security filter in front of rewrite, or add the dispatch-type via registering the security filter in web.xml.

    I think either of those solutions (or a combination of both) will work.



    Hi Lincoln,

    Nothing works. <dispatcher>FORWARD</dispatcher> in the security filter gives a strange error in browser – the page can not be dispalyed due to endless redirects or something like. Reordering didn’t help too. Request goes now through the security filter, but the logged in user (Principal Object) is not in the session. Don’t know but it seems the Rewrite overwrites somehow Request Attributes where the Principal is.


    Released… Check the maven repos in about 2 or 3 hours for the new version, or you can get it immediately from the sonatype repositories:



    Hi Lincoln,

    It is still not working for us. But ok, I’ve removed Rewrite, we will go without it.

    Thanks for your support.


    Sorry we couldn’t get it working for you. If you have time, do you think you could upload a sample project (zipfile) that reproduces this problem? I’d love to know what the problem is and fix it for others in the future.


Viewing 9 posts - 1 through 9 (of 9 total)

The forum ‘Rewrite Users’ is closed to new topics and replies.

Comments are closed.