Websphere 8.5 filter

Question

I am facing an issue only in Websphere 8.5. I have a login page, where after user enters username/password, an Ajax call is made to authTest/j_security_check .oauthTest is the context root of the application.

At the server side I do have 2 filters and few servlets.

<web-app>
  <servlet>
    <servlet-name>JSceurityCheck</servlet-name>
    <servlet-class>provider.oauth.servlet.JSceurityCheck</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>JSceurityCheck</servlet-name>
    <url-pattern>/j_security_check</url-pattern>
  </servlet-mapping>
<filter>
    <display-name>OAuthFilter</display-name>
    <filter-name>OAuthFilter</filter-name>
    <filter-class>oauth.filter.OAuthFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>OAuthFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>

<filter>
    <display-name>DispatchFilter</display-name>
    <filter-name>DispatchFilter</filter-name>
    <filter-class>dispatcher.filter.DispatchFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>DispatchFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>

control reaches to OAuthFilter from where the chain.doFilter(request, response) call is made. Later control reaches DispatchFilter which also calls chain.doFilter(request, response).

Now the control suppose to reach to JSceurityCheck servlet, but before control reaching to that servlet websphere application server is throwing exception.

Caused by: java.lang.IllegalArgumentException: Location cannot be null in javax.servlet.http.HttpServletResponse.sendRedirect(location)
at com.ibm.ws.webcontainer.webapp.WebAppDispatcherContext.sendRedirectWithStatusCode(WebAppDispatcherContext.java:539)
at com.ibm.ws.webcontainer.webapp.WebAppDispatcherContext.sendRedirect(WebAppDispatcherContext.java:527)
at com.ibm.ws.webcontainer.srt.SRTServletResponse.sendRedirect(SRTServletResponse.java:1350)
at com.ibm.ws.security.web.FormLoginExtensionProcessor.formLogin(FormLoginExtensionProcessor.java:734)
at com.ibm.ws.security.web.FormLoginExtensionProcessor.formLogin(FormLoginExtensionProcessor.java:228)
at com.ibm.ws.security.web.FormLoginExtensionProcessor.handleRequest(FormLoginExtensionProcessor.java:206)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:136)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:97)
at com.teamcenter.lis.provider.dispatcher.filter.DispatchFilter.doFilter(DispatchFilter.java:178)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:195)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
at com.teamcenter.lis.provider.oauth.filter.OAuthFilter.doFilter(OAuthFilter.java:144)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:195)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:928)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1025)

The same code works in JBOSS 7, Tomcat 7 and weblogic server 12. Only in websphere 8.5 it is breaking. If anyone have any clue please let me know.

Answer 1

The /j_security_check URI triggers the WebSphere's FormLoginExtensionProcessor (some info here) which uses the j_username/j_password parameters in the HttpRequest to authenticate the user. If the information is missing it tries to redirect to the error page. Can you try changing the url-pattern to not to contain j_security_check and see if it makes a difference?