Home
TeamSite
Excluding a jsp from requiring a login
KeithB
I am currently developing some SSO functionality which requires some changes to the AuthenticationFilter class.
This is working fine although I have one small problem. I have a Role Selection jsp that is displayed when users are authenticated via SiteMinder although not yet authenticated via TeamSite (role not yet chosen). This jsp is hosted on the TeamSite server. My redirect is handled within the handleInvalidAuthentication method and looks like this:
response.sendRedirect( request.getContextPath() + "/sso/chooseuirole.jsp" ) ;
response.flushBuffer() ;
ret = true ;
This works just fine and redirects the request off to the correct page, the trouble is because I am not yet authenticated within TeamSite I am redirected back to the login page.
Is there anyway to exclude this one jsp from requiring login?
Find more posts tagged with
Comments
Bill Klish
Is there a servlet that is forwarding to this JSP, or are you calling the jsp directly?
KeithB
At the moment I am sending a redirect so I guess that would be calling it directly. Although there is probably no reason why it couldn't be forwarded from the AuthenticationFilter servlet.
KeithB
Just to let people know who search on this thread, using the following works:
request.setAttribute("fallthrough", "true");
request.getRequestDispatcher( "some/url" ).forward(request, response);
Bill Klish
Is the "fallthrough" attribute some defined constant that Interwoven is using and will continue to use in future releases/service packs or is this something you just played around with and got to work for your case?
KeithB
The fallthrough attribute is something that is used in the base authentication classes. Whether Interwoven depreciate the use of it in a future release/patch I have no idea.
