Hi Joshua,
If your security interceptor captures the request before forwarding to the
login page, it would be easier to build the requested URL by calling these
methods of HttpServletRequest.
* getServletPath();
* getPathInfo();
* getQueryString();
Regards,
Iwao
2013/6/19 Joshua Chaitin-Pollak <j...@assuredlabor.com <javascript:;>>:
> Hello,
>
> I am using the StripesStuff J2EESecurityManager and the @RolesAllowed
> annotation.
>
> When a user who fails the roles test hits a restricted page, our security
> manager class intercepts the call, gets the called URL from our
> ActionBeanContext class and stores it in the FlashScope, then returns a
> ForwardResolution to our Login page.
>
> This process works great, except when we intercept a clean URL. In that
> case, when our custom ActionBeanContext class computes the last URL, it
> ends up including the clean-URL arguments as request parameters, so
> what used to be:
>
> /api/user/1345/document/1235
>
> becomes:
>
> /api/user/14/document/35?user=14&document=35
>
> which is functionally correct, but not really attractive. Since some of
the
> pages are single page apps with anchor tags, I'd really like to keep the
URLs
> clean.
>
> It seems that by the time the SecurityManager has intercepted the call,
the
> clean url parameters have been extracted and placed into the request
> parameters.
>
> Is there a way for us to either intercept the call before the clean url
> parameters are added to the request, or alternatively is there a way to
> differentiate between clean url parameters and regular parameters?
>
> Our ActionBeanContext has a .getLastUrl() function that does something
> like this:
>
> StringBuilder sb = new StringBuilder();
> String uri =
> (String) req.getAttribute("javax.servlet.forward.request_uri");
> sb.append(uri);
> sb.append('?');
> Map<String, String[]> map
> = new HashMap<String, String[]>(req.getParameterMap());
>
> // Append the parameters to the URL
> for (String key : map.keySet()) {
> String[] values = map.get(key);
> for (String value : values) {
> sb.append(key).append('=').append(value).append('&');
> }
> }
> // Remove the last '&'
> sb.deleteCharAt(sb.length() - 1);
>
> return sb.toString();
>
>
>
>
>
------------------------------------------------------------------------------
> This SF.net email is sponsored by Windows:
>
> Build for Windows Store.
>
> http://p.sf.net/sfu/windows-dev2dev
> _______________________________________________
> Stripes-users mailing list
> Stripes-users@lists.sourceforge.net <javascript:;>
> https://lists.sourceforge.net/lists/listinfo/stripes-users
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users
