Filtering requests involving security-constraints

Question

I have a Java web application that uses security-constraints to lock down access to resources. I'm trying to manipulate the HTTP 401 response when authentication is required for Ajax requests, so I've created a filter that observes the HTTP status in responses and modifies it accordingly if required.

Problem is, it seems that if authentication is required, the filter doesn't get invoked until after the 401 has been sent to the browser. It seems that the security constraint precedes the filter in the request processing chain. My filter's url-pattern is more general than any of the security-constraints. Platform is WebSphere.

I can't see where the precedence of security-constraints and filters is specified in the Servlet 2.5 spec. Have I missed something?

Recommended answer

First of all, if it is unspecified, this means that it is left as a container's implementation detail.
So you should look into WebSphere specifically.
I think the same would happen in Tomcat as well, since the security constraints (if I recall correctly) are implemented via Valves and so would precede the application code in the request chain.
From my point of view it makes sense, since if you assign the protection to your container, then if the request reaches your filter then it should have already passed your container's authentication mechanism (my point of view is that the filter is part of your resources).
In Tomcat you would solve your problem by replacing the Filter with a Valve.
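
The Valve approach suggested in the answer, sketched as an added example that is not part of the original question or answer. It assumes Tomcat 9 or earlier (`javax.servlet`), that a Valve declared in the `<Context>` is placed in the pipeline ahead of the container's authenticator, and that Ajax calls carry `X-Requested-With: XMLHttpRequest`; the class name and the `X-Login-Required` header are hypothetical.

```java
// Added example, Tomcat-specific; WebSphere does not have Valves.
// Hypothetical names: com.example.AjaxUnauthorizedValve, X-Login-Required.
// Register inside the application's <Context> element
// (for example in META-INF/context.xml):
//   <Valve className="com.example.AjaxUnauthorizedValve"/>
package com.example;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;

public class AjaxUnauthorizedValve extends ValveBase {

    @Override
    public void invoke(Request request, Response response)
            throws IOException, ServletException {
        // Run the rest of the pipeline first: the authenticator valve (which
        // enforces the security-constraints) and, if it lets the request
        // through, the application's filters and servlets.
        getNext().invoke(request, response);

        // X-Requested-With is a client convention and can be forged, so it
        // only selects how the rejection is presented. The access decision
        // has already been made by the container at this point.
        boolean ajax =
                "XMLHttpRequest".equals(request.getHeader("X-Requested-With"));

        if (ajax
                && response.getStatus() == HttpServletResponse.SC_UNAUTHORIZED
                && !response.isCommitted()) {
            // Mark the 401 so client-side script can tell a login is required.
            response.setHeader("X-Login-Required", "true");
        }
    }
}
```

Valve classes are loaded by Tomcat's own class loader, so the compiled class belongs in `$CATALINA_BASE/lib` rather than in the web application's `WEB-INF/lib`.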
