SecurityFilter redirects to login page again...

Peet

Hi All,

I have a problem around authenticating with SecurityFilter, and can't
see the reasons...
Container is Tomcat 5.5.9.
The problem is:
After successful authentication, response is the login page again,
although form-default-page property is a redirect.jsp for
securityfilter, where I redirect users to the proper role's starting
page. If I input and send user information again, the redirect works
properly. Just for the second time... I can't see the reasons... I have
already used securityfilter, and haven't had this error there.
I have debugged redirect.jsp, and could see that the line
"response.sendRedirect(basePath + "admin/index.jsp")" has run, but the
result is the login page again.

Any idea, please...?

redirect.jsp's running section:

<%@ page language="java" import="java.util.*" pageEncoding="iso-8859-2"%>
<%
    String path = request.getContextPath();
    String basePath = request.getScheme() + "://" + request.getServerName()
            + ":" + request.getServerPort() + path + "/";

    // Send the authenticated user to the starting page of their role.
    if (request.isUserInRole("admin")) {
        response.sendRedirect(basePath + "admin/index.jsp");
        System.out.println(basePath + "admin/index.jsp"); // debug output
    } else if (request.isUserInRole("modifier")) {
        response.sendRedirect(basePath + "modifier/index.jsp");
    } else if (request.isUserInRole("inquirier")) {
        response.sendRedirect(basePath + "inquirier/index.jsp");
    } else {
        response.sendRedirect(basePath + "index.jsp");
    }
%>

*******************************************************
securityfilter-config.xml:

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE securityfilter-config PUBLIC
    "-//SecurityFilter.org//DTD Security Filter Configuration 2.0//EN"
    "http://www.securityfilter.org/dtd/securityfilter-config_2_0.dtd">

<securityfilter-config>

    <!-- security configuration START -->
    <!-- admin resources START -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Admin resources</web-resource-name>
            <description> accessible by authenticated users of the admin role</description>
            <url-pattern>/admin/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description>These roles are allowed access</description>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <!-- admin resources END -->

    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>lm realm</realm-name>
        <form-login-config>
            <form-login-page>/index.jsp</form-login-page>
            <form-error-page>/index.jsp?badpassw=Y</form-error-page>
            <form-default-page>/redirect.jsp</form-default-page>
        </form-login-config>
    </login-config>

    <security-role>
        <description>admin role has access to this web application</description>
        <role-name>admin</role-name>
    </security-role>

    <realm className="org.securityfilter.realm.catalina.CatalinaRealmAdapter" />

    <realm className="org.apache.catalina.realm.JDBCRealm">
        <realm-param name="driverName"
            value="com.microsoft.jdbc.sqlserver.SQLServerDriver" />
        <realm-param name="connectionURL"
            value="jdbc:microsoft:sqlserver://127.0.0.1:1433;DatabaseName=db_licencemanager;User=myuser;Password=mypassword;SelectMethod=cursor" />
        <realm-param name="connectionName" value="myuser" />
        <realm-param name="connectionPassword" value="mypassword" />
        <realm-param name="userTable" value="users" />
        <realm-param name="userNameCol" value="user_name" />
        <realm-param name="userCredCol" value="password" />
        <realm-param name="userRoleTable" value="user_roles" />
        <realm-param name="roleNameCol" value="role_name" />
    </realm>

    <!-- <realm className="org.apache.catalina.realm.MemoryRealm" /> -->

    <!-- security configuration END -->

</securityfilter-config>

*******************************************************
web.xml:

<?xml version="1.0" encoding="ISO-8859-1" ?>

<!DOCTYPE web-app PUBLIC
    "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>
    <!-- filter: securityfilter configuration START -->
    <filter>
        <filter-name>Security Filter</filter-name>
        <filter-class>org.securityfilter.filter.SecurityFilter</filter-class>
        <init-param>
            <param-name>config</param-name>
            <param-value>/WEB-INF/securityfilter-config.xml</param-value>
        </init-param>
        <init-param>
            <param-name>validate</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>

    <!-- map all requests to the SecurityFilter, control what it does with
         configuration settings -->
    <filter-mapping>
        <filter-name>Security Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- filter: securityfilter configuration END -->
    <servlet>
        <servlet-name>action</servlet-name>
        <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
        <init-param>
            <param-name>config</param-name>
            <param-value>/WEB-INF/struts-config.xml</param-value>
        </init-param>
        <init-param>
            <param-name>debug</param-name>
            <param-value>3</param-value>
        </init-param>
        <init-param>
            <param-name>detail</param-name>
            <param-value>3</param-value>
        </init-param>
        <load-on-startup>0</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>action</servlet-name>
        <url-pattern>*.do</url-pattern>
    </servlet-mapping>
</web-app>

Thanks in advance...
Peter
 
Peet

Some additional information:

When I try to access some resources within the protected area, after
authentication the redirect is correct.
The above-described error occurs only when I try to do a direct login,
and hope to be redirected to the form-default-page...

Peet
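
Added example, not part of the thread or of the poster's code: a check of the posted security-constraint section against the pages redirect.jsp sends each role to, showing which targets the filter's constraints actually cover. The trimmed config copy, the role-to-path table and the rule that every matching constraint must allow the role are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed: trimmed copy of the constraint section of the posted config.
CONFIG = """<securityfilter-config>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
</securityfilter-config>"""

# Assumption: role -> context-relative target, read off the posted redirect.jsp.
REDIRECT_TARGETS = {
    "admin": "/admin/index.jsp",
    "modifier": "/modifier/index.jsp",
    "inquirier": "/inquirier/index.jsp",
}

def pattern_matches(pattern, path):
    """Servlet-style url-pattern match: '/prefix/*', '*.ext' or exact."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == path

def load_constraints(xml_text):
    """Return [(url_patterns, allowed_roles)], one per security-constraint."""
    return [([e.text.strip() for e in sc.iter("url-pattern")],
             {e.text.strip() for e in sc.findall("auth-constraint/role-name")})
            for sc in ET.fromstring(xml_text).findall("security-constraint")]

def audit(xml_text, targets):
    """Map each role to 'ok', 'role-not-allowed' or 'unprotected'."""
    constraints = load_constraints(xml_text)
    report = {}
    for role, path in targets.items():
        hits = [roles for pats, roles in constraints
                if any(pattern_matches(p, path) for p in pats)]
        if not hits:
            report[role] = "unprotected"  # no constraint covers this URL
        else:
            allowed = all(role in roles for roles in hits)
            report[role] = "ok" if allowed else "role-not-allowed"
    return report
```

Calling `audit(CONFIG, REDIRECT_TARGETS)` reports the modifier and inquirier start pages as unprotected, because the posted configuration constrains only /admin/*.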
 
