I'm using Tuckey's URL rewrite filter combined with a Home grown security filter.
/*
Also, the URL rewrite filter has the following rule:
<rule>
<name>User</name>
<from>^/user/$</from>
<to>/user.do</to>
</rule>
For a request like: myapp/user/ I am expecting this flow:
However, somehow the second step is jumped whenever Tuckey's URL Rewrite applies a rule. This leads to really unpleasant behaviour like accessing secured pages without the proper authentication.
Is there something I missed? Should I expect another behaviour?
If you do type="redirect" the client will be issued a 302 "temporary redirect" status that will eventually redirect the browser to the new url.
If you want the user to still see the old "from" url in the browser's address line, try adding these to your "security" filter:
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>