Christophe Verré wrote:
How to ensure that the first request containing login information will be protected as the user will put the information in the very first screen which might be ...xxxx/login.jsp
That's what they mean by 'when you are using declarative authentication , the client never makes any direct request for the login'. If the client access a protected resource, he will be asked to login. So if you protect all resources, the client will have to login at least once before accessing any page.
Vijitha Kumara wrote:
B Misra wrote:1) In HFSJ in page 715 it says we can not just modify the response after call to chain.doFilter() as by when the execution pointer returns the request already have been posted back to the client as it do not wait for the filter method to finish. But in page 723 it is flushing the custom output stream after the call to chain.doFilter() - please explain where I am making a mistake?
Both are correct. In your first query it is talking about a normal response object(HttpServletRespone) so the last component in the chain may flush (committed) the response before the control comes to the filter. In second query, when you have a wrapped object you are not flushing the actual response object but the wrapper object which wraps the actual response object . Did I get your question right?