Hi Pedro,
I think this is vicious circle.
If the valves do not get called, then you have problems with the form authenticators (change session id after authentication), clustered sso valves and who knows what else. If the valves are called, then eventually the "real" content which would be served if picketlink was not there gets pushed in the Response and OutpuBuffer, forcing in some cases the response to be committed and because of that saml processing fails.
This index.html is specially constructed to be more than 8k (or whatever the buffer size is) so the buffers are forced-flush and the response is committed. So the forward to hosted page code can not reset the response (set a new content length and the likes) and the saml responses fail to be generated...
Also the way the hosted page is served is wrong. There should be a RequestDispatcher.forward and not an RequestDispatcher.include.
From the javadocs:
{code} void include(ServletRequest request, ServletResponse response) throws ServletException, IOException
Includes the content of a resource (servlet, JSP page, HTML file) in the response. In essence, this method enables programmatic server-side includes. The ServletResponse object has its path elements and parameters remain unchanged from the caller's. The included servlet cannot change the response status code or set headers; any attempt to make a change is ignored. The request and response parameters must be either the same objects as were passed to the calling servlet's service method or be subclasses of the ServletRequestWrapper or ServletResponseWrapper classes that wrap them.
This method sets the dispatcher type of the given request to DispatcherType.INCLUDE.
{code}
{code} void forward(ServletRequest request, ServletResponse response) throws ServletException, java.io.IOException
Forwards a request from a servlet to another resource (servlet, JSP file, or HTML file) on the server. This method allows one servlet to do preliminary processing of a request and another resource to generate the response. For a RequestDispatcher obtained via getRequestDispatcher(), the ServletRequest object has its path elements and parameters adjusted to match the path of the target resource.
forward should be called before the response has been committed to the client (before response body output has been flushed). If the response already has been committed, this method throws an IllegalStateException. Uncommitted output in the response buffer is automatically cleared before the forward.
The request and response parameters must be either the same objects as were passed to the calling servlet's service method or be subclasses of the ServletRequestWrapper or ServletResponseWrapper classes that wrap them.
This method sets the dispatcher type of the given request to DispatcherType.FORWARD. {code}
|