Ricardo García wrote:
> Here's some starting context for my question ....
>
> I have a war file that has been configured to use FORM based
> authentication. I have set the <form-login-page> in the
> web.xml of the war file to point to a jsp file in my war
> file. When a user invokes any jsp without being logged
> in the login jsp is displayed. The user enters the
> userid/password submits the page to j_security_check, is
> validated and redirected to the requested page.
>
> My question is ...
>
> Has anyone ever tried discovering the page that the user is
> trying to access from within the jsp page referenced as the
> <form-login-page>? I have tried checking the HTTP headers
> and session, but have not discovered it being saved anywhere.
> Usually when a page invokes another page the HTTP header
> REFERER exists with the URL to the previous page. I have
> noticed that once the user posts the login form on my
> login.jsp to j_security_check and is authenticated they are
> redirect to the correct location .. correct location being
> back to the page they wanted to access originally. This
> would mean that it has to be somewhere, but where??
We do this manually instead of using the <form-login-page> mechanism. In the header
included at the top of every page for authentication, we capture
session.setAttribute("login.target", request.getRequestURI() );
before redirecting to the login page. If you wait until you get to the page that is
processing your login request, you've already lost the original request.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
