AW: Manager activeSessions and customized error page
Von: Mark Thomas <[hidden email]>
Gesendet: Mo 14.05.2012 18:25
Betreff: Re: AW: Manager activeSessions and customized error page
An: Tomcat Users List <[hidden email]>;
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On 14/05/2012 16:58, Christopher Schultz wrote:
> > Thomas,
> > On 5/14/12 9:44 AM, Thomas Rohde wrote:
> >> A Filter was my first approach. But the filter is invoked after
> >> authentication has taken place. And for authentication a session
> >> is needed. ;-)
> > Right: the form authenticator is in a Valve and Valves run before
> > Filters.
> >> A HttpSessionListener is invoked AFTER a session is created.
> > Hrm.
> >> It seems that every approach has some ugly pitfalls. :(
> > Agreed. Perhaps a different exception type could be used? We are
> > using IllegalStateException but there's no particular reason a
> > different subclass of RuntimeException couldn't be used in this
> > case: something that could then be mapped in web.xml using
> > <error-page>.
> > Since it would technically be a change to the API to throw
> > something other than IllegalStateException, you might get some
> > push-back on a solution like this.