[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-3045) urlrewritefilter breaks basic authentication

Norman Richards (JIRA) jira-events at lists.jboss.org
Tue Aug 12 16:44:40 EDT 2008


    [ https://jira.jboss.org/jira/browse/JBSEAM-3045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12424659#action_12424659 ] 

Norman Richards commented on JBSEAM-3045:
-----------------------------------------

As I said, URL rewriting must always be the last filter.   If it is not the last filter, all other filters will be bypassed.   The servlet container does not appear to actually support the notion of a real internal redirect that takes the redirected URL through the entire request lifecycle, including the filter chain for the "real" URL.  

As best as I can tell, there are no conflicts between this filters.  If you still see something, can you please be more specific?

> urlrewritefilter breaks basic authentication
> --------------------------------------------
>
>                 Key: JBSEAM-3045
>                 URL: https://jira.jboss.org/jira/browse/JBSEAM-3045
>             Project: Seam
>          Issue Type: Bug
>    Affects Versions: 2.0.1.GA
>            Reporter: Stephane Epardaud
>            Assignee: Norman Richards
>             Fix For: 2.1.0.BETA1
>
>
> In web.xml, if I configure the urlwritefilter before the seamfilter, any basic authentication defined in components.xml with 	
> <web:authentication-filter url-pattern="/feed/*" auth-type="basic" realm="MyRealm" precedence="0"/>
> will be ignored.
> That is, pages in the /feed/* url space will not ask for authentication, and any security restrictions requiring those pages to be accessed as logged in users will throw exceptions.
> If the urlrewritefilter is defined within the seamfilter, then all works well, except that I'm not sure outboud rewrite rules will work correctly.
> I haven't found any documentation relating the order in which these filters must be declared in the Seam documentation.
> If this is not a bug, perhaps it would be nice to document it?

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        



More information about the seam-issues mailing list