Werner Gaulke created DELTASPIKE-675:
----------------------------------------
Summary: Make intitially requested and secured page available for
redirect after login
Key: DELTASPIKE-675
URL: https://issues.apache.org/jira/browse/DELTASPIKE-675
Project: DeltaSpike
Issue Type: Improvement
Components: Security-Module
Affects Versions: 1.0.1
Reporter: Werner Gaulke
Priority: Minor
h2. Situation
DeltaSpike combined with PicketLink for security handling (users and roles).
Custom AccessdecisionVoter to check, whether the user is allowed to access a
page (by Secured Annotation in ViewConfig).
DS-Security intercept access to this page and redirects to the login. After the
login it would be nice to redirect the user to the initially requested page.
Generally this problem is independend of the used security framework, in this
case though PicketLink is used.
Reference to mailing list:
http://mail-archives.apache.org/mod_mbox/deltaspike-users/201407.mbox/%[email protected]%3E
h2. Idea for the solution
Make requested page avaiable in AccessDecisionVoterContext and let the app
handle the redirect after login. I think this could be done in SecurityUtils.
h2. Example
Attached you will find a minimal JSF/DS/PL application which uses a in memory
database. Start the application in JBOSS Wildfly and access it.
You can now click on "Admin Area" in the main-menu and DS will redirect you to
the login form. After login a LoggedIn Event by PL is fired.
A redirect to the requested page is desired.
https://www.dropbox.com/s/7k59jp1ka4xeez2/ds-pl-minimal.zip
--
This message was sent by Atlassian JIRA
(v6.2#6252)
