Thread: url pattern issue - please help me...

Hello friends,

I'm using a filter for CSRF Cross-site request forgery.
This filter should executed for all actions or for all .do been called.
The application is working separately with filter.

Mapping is done like this in web.xml :
<filter>
<filter-name>sessionCheck</filter-name>
<filter-class>filterSecurity.FilterSecurityController</filter-class>
<init-param>
<param-name>config</param-name>
<param-value>WEB-INF/csrfguard.properties</param-value>
</init-param>
</filter>

<filter-mapping>
<filter-name>sessionCheck</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>sessionCheck</filter-name>
<servlet-name>action</servlet-name>
</filter-mapping>

And i've done SSL setting, for security using apache tomcat.
SSL also working separately. Mapping is given like this in web.xml

<security-constraint>
<web-resource-collection>
<web-resource-name>All</web-resource-name>
<description>No Description</description>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<description>USE SSL</description>
<transport-guarantee>INTEGRAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

SSL starts from first page. The problem is when I put SSL and filter both, and when i try to login i.e. when an action is called, filter is not getting executed and its giving page page cannot be displayed. Can u help me in solving this? Any idea? Should I've to change the url-pattern???

Plz help me out...

Thanks in advance

So the filter never gets hit at all?

// Json

Yeah,
The server I'm using is weblogic.
And when i don specify Security constraint its working well...
With SSL its not going to filter.