Java EE: Unauthenticated POST and j_security_check
https://stackoverflow.com/questions/5982223
-
12-11-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I tried to do some research on this and came across the following question on another site:
http://www.theserverside.com/discussions/thread.tss?thread_id=36561
Unfortunately, the answer there was to switch to GET requests, which I'm hoping there's a better solution. To reiterate the problem:
The scenario is when a user is on a search page for instance, their session expires, and then they click the submit button. At this point, the login page shows up since they aren't logged in anymore. After successfully logging in, j_security_check is resending the POST request to the search from before but without any of the POST data. I would like to be able to get the POST data from the original request, or I want to configure j_security_check to never send POST requests after logging in, but instead force it to use GET requests.
Any help is greatly appreciated.
Solution
I ended up checking in the doPost method to see if request.getParameterMap().isEmpty(). If it is empty, then j_security_check sent the POST request since it doesn't send any POST data. If that is the case, I just call the doGet method instead.
