I noticed a buggy behaviour when I do a direct
LogonProcess call (passing credentials) without calling
Logon before (so subject==null).
In that case the if structure in method doFilter() in
AccessFilter fires the first case (subject==null) that
tries the logonProcess by calling logonProcess method.
In the first if case there's also the
LAST_ACCESS_DENIED_URI mechanism which stores the uri
requested. LAST_ACCESS_DENIED_URI mechanism works well
for all the cases except when url requested equals
In fact in the latter case the user, after a successful
auth, will be redirected to LogonProcess again.
I solved the problem simply by putting the subject==null
if case at the end of the if-else structure before the
Doing so, unifying the LogonProcess management, in any
case the logon request will be trapped by
, while other requests will be trapped by the
subject=null if case.
This is my rapid solution to the problem. There should
be more accurate solutions.
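
The ordering problem reported above, reduced to a small model; this is an added example, not code from the original post or from the project. The URI values, the Map used as a session, the `credsOk` flag and both method names are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of the if/else ordering described above; not the project's code.
// URI values, the Map-based session and the credsOk flag are assumptions.
public class FilterOrderDemo {
    static final String LOGON_URI = "/Logon";                 // constructed value
    static final String LOGON_PROCESS_URI = "/LogonProcess";  // constructed value
    static final String DEFAULT_URI = "/index";               // constructed value
    static final String LAST_ACCESS_DENIED_URI = "LAST_ACCESS_DENIED_URI";

    // Reported order: subject == null is tested first, so a direct LogonProcess
    // call is stored as the "denied" URI and becomes the post-login target.
    static String reportedOrder(String uri, Map<String, Object> session, boolean credsOk) {
        if (session.get("subject") == null) {
            session.put(LAST_ACCESS_DENIED_URI, uri);
            if (!credsOk) return LOGON_URI;
            session.put("subject", "user");
            return (String) session.get(LAST_ACCESS_DENIED_URI);
        }
        return uri; // authenticated: the request passes through
    }

    // Reordered: the LogonProcess URI is matched before the subject == null case,
    // so it is never recorded as the URI to return to.
    static String reorderedOrder(String uri, Map<String, Object> session, boolean credsOk) {
        if (LOGON_PROCESS_URI.equals(uri)) {
            if (!credsOk) return LOGON_URI;
            session.put("subject", "user");
            Object target = session.remove(LAST_ACCESS_DENIED_URI);
            return target != null ? (String) target : DEFAULT_URI;
        } else if (session.get("subject") == null) {
            session.put(LAST_ACCESS_DENIED_URI, uri);
            return LOGON_URI;
        }
        return uri;
    }

    public static void main(String[] args) {
        // Direct LogonProcess call with no prior Logon request (subject == null).
        System.out.println(reportedOrder(LOGON_PROCESS_URI, new HashMap<>(), true));
        System.out.println(reorderedOrder(LOGON_PROCESS_URI, new HashMap<>(), true));
        // Normal flow: a protected page is denied first, then LogonProcess returns to it.
        Map<String, Object> s = new HashMap<>();
        System.out.println(reorderedOrder("/protected", s, false));
        System.out.println(reorderedOrder(LOGON_PROCESS_URI, s, true));
    }
}
```

With the reported order the first call returns the LogonProcess URI itself as the redirect target; with the reordered branches it returns the default page, and the stored URI is consumed once so a later login does not reuse it.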