I'm using Tuckey's URL rewrite filter combined with a Home grown security filter.
/*
Also, the URL rewrite filter has the following rule:
<rule>
<name>User</name>
<from>^/user/$</from>
<to>/user.do</to>
</rule>
For a request like: myapp/user/ I am expecting this flow:
However, somehow the second step is jumped whenever Tuckey's URL Rewrite applies a rule. This leads to really unpleasant behaviour like accessing secured pages without the proper authentication.
Is there something I missed? Should I expect another behaviour?
This happens because normally the urlrewritefilter doesn't redirect the url. It's just internally forwarding it. Try adding type="redirect" as an attribute and your security filter will catch the redirected request.
<rule>
<name>User</name>
<from>^/user/$</from>
<to type="redirect">/user.do</to>
</rule>
That worked for me before.
If you do type="redirect" the client will be issued a 302 "temporary redirect" status that will eventually redirect the browser to the new url.
If you want the user to still see the old " from " url in the browser's address line, try adding these to your "security" filter:
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.