Troubleshooting: StaticContentFilter causes WebSphere j_security_check auth
Symptom
The Process Commander StaticContentFilter servlet filter inspects every HTTP request to determine whether it is a request for static content or an application request.
By default all requests for *.jsp and *.jspx files are considered static content requests (such as for the PRMonitorServlet *.jsp files in the /prweb/admin folder), and an HTTP request for one of these JSP files will not be processed by the PegaRULES engine due to the interception by the StaticContentFilter. This is desired behavior.
However, if you need to forward such a request to another application resource that is not static content, the StaticContentFilter must be made aware of this resource.
This is necessary, for example, if you want to use form authentication with WebSphere application server. When you're using form authentication, a basic JSP or HTML file set up for user authentication is supposed to redirect to the WebSphere /j_security_check servlet for credential verification against the user repository. By default, this redirection is picked up by the StaticContentServlet, which treats it as a static content request, and the user receives an HTTP 404 error (as there is no 'j_security_check' file on disk).
Solution
To correct this issue, and to allow form authentication to work properly, update the pegarules.xml file to include a custom list of excluded URL patterns for the StaticContentFilter.
In the case of the WebSphere /j_security_check servlet, use an entry similar to:
    <node name="HTTP">
      <map>
        <entry key="GiveToApplicationServer" value="*.jsp,*.jspx,/j_security_check" />
      </map>
    </node>
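
A way to check a pegarules.xml for this entry before restarting the server, as an added example that is not part of the original article or of Process Commander. It assumes a custom GiveToApplicationServer value replaces the default list (the article's entry repeats both defaults), and the `<pegarules>` wrapper and the sample files are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Defaults named in the article, plus the WebSphere form-auth servlet it adds.
DEFAULTS = ("*.jsp", "*.jspx")
REQUIRED = DEFAULTS + ("/j_security_check",)

def configured_patterns(xml_text):
    """Return the GiveToApplicationServer patterns, or None if no entry exists."""
    root = ET.fromstring(xml_text)
    for node in root.iter("node"):          # also matches a bare <node> fragment
        if node.get("name") != "HTTP":
            continue
        for entry in node.iter("entry"):
            if entry.get("key") == "GiveToApplicationServer":
                value = entry.get("value", "")
                # Tolerate stray whitespace and empty items around the commas.
                return [p.strip() for p in value.split(",") if p.strip()]
    return None

def missing_patterns(xml_text, required=REQUIRED):
    """List required patterns absent from the effective configuration."""
    patterns = configured_patterns(xml_text)
    if patterns is None:
        # No custom entry: only the article's stated defaults are in effect.
        patterns = list(DEFAULTS)
    return [p for p in required if p not in patterns]

# Constructed sample files (not taken from a real installation).
GOOD = """<pegarules><node name="HTTP"><map>
  <entry key="GiveToApplicationServer" value="*.jsp, *.jspx,/j_security_check" />
</map></node></pegarules>"""

OVERRIDDEN = """<pegarules><node name="HTTP"><map>
  <entry key="GiveToApplicationServer" value="/j_security_check" />
</map></node></pegarules>"""

NO_ENTRY = """<pegarules><node name="HTTP"><map /></node></pegarules>"""

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("overridden", OVERRIDDEN),
                        ("no entry", NO_ENTRY)):
        gaps = missing_patterns(text)
        print(f"{label}: {'OK' if not gaps else 'missing ' + ', '.join(gaps)}")
```

The "overridden" case is the one to watch for: adding /j_security_check without repeating the JSP patterns would, under the stated assumption, drop the default handling for the /prweb/admin JSP files.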