We have a whitespace removal filter that trims whitespace from the response, however this is not being applied to the j_security_check login page.
Using Spring this can be resolved as the security is done by another filter, but as we are using the default JBoss security config this is not an option.
Our JSP version does not support the trimdirectivewhitespace, and we can't upgrade.
Can we either
- Implement the filter in any simple way (I don't want to be adding in any extra libraries or anything)?
- Redirect the login form - the login page gets the filter, but the intercepted response does not (if that makes sense)?
Security config
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure realm</web-resource-name>
<url-pattern>/secure/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>secureUser</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
Login config
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/Login</form-login-page>
<form-error-page>/Error</form-error-page>
</form-login-config>
</login-config>
User config
<security-role>
<description>Secure User</description>
<role-name>secureUser</role-name>
</security-role>