Hi Thierry,
After some more googling I finally find how to pass the original URL to
spring. While processing login, Spring Security looks for a value with the
id/name "spring-security-redirect". If it's present, Spring will set the
appropriate heading information in the request for the redirect. So as you
suggested, I put the original URL into a hidden input, something like
<input type="hidden" name="spring-security-redirect" value="${source}"/>
My problem is solved. Thanks for the help. :-)
Best wishes
Yuan-Fang
On Fri, Feb 19, 2010 at 1:05 AM, Thierry Boileau <
[email protected]> wrote:
> Hi Yuan-Fang,
>
> unfortunately, if you don't control the behaviour of the client, be aware
> that the number of solutions is quite limited.
> When you discover that the client is not authorized, you can redirect it to
> "<uri resource B>?next=<URI resource A>". Thus, resource B is able to
> prepare the request that will be posted to resource C: keep on using the
> query parameter or add an hidden field in the Web form, etc.
> You can also set cookies (that is say ask the client to set cookie, when
> redirecting to resource B), which will work only if the client supports this
> mechanism.
>
>
> Best regards,
> Thierry Boileau
>
> Hi Thierry,
>
> Thanks for the reply.
>
>
> On Thu, Feb 18, 2010 at 10:11 PM, Thierry Boileau <
> [email protected]> wrote:
>
>> Hello Yuan-Fang,
>>
>> >I'd like to know whether there's a way to instruct restlet to redirect to a
>> >particular URL?
>> yes, you can update the response with one of the Response#redirect* methods.
>> That asks the client to send another request.
>>
>>
>> But I wonder if this is really your question...
>>
>> If I understand well, in case of unauthorized acces to resource A, you
>> want the user to hit a resource B (the login page), then to be redirected to
>> resource A after a successful operation on Resource C (a POST on a "login"
>> resource, I guess).
>> I think that the first request (to the login page) must contain all
>> required data (I mean the URL of resource A) via query parameter, cookie,
>> standard header ("Referer"?), specific header, entity, etc. i.e. one of the
>> supported mechanisms in order that the login operation (done via the login
>> page) is aware of the redirected URL and redirects or transmits the message
>> correctly to the resource A.
>> You must make the required data accessible in two requests: the request to
>> resource B, the request to resource C.
>>
>
> I think that's exactly what I'm unsure of, i.e., in resource A, how to
> set the referrer for the request to resource B and in resource B, how to set
> referrer to resource C. Currently in resource A, we redirect the user to
> resource B (login page) as follows:
>
> getResponse().redirectTemporary(getRequest().getRootRef().toString()
> + "/login");
>
>
> Since we're using spring for wiring up the resources and authentication,
> spring takes over from here, intercepts the url and routes it to the
> appropriate resource. I don't know how to pass information from our restlet
> resources to the spring's HTTPRequests. Any insight is appreciated!
>
> Best regards
> Yuan-Fang
>
>
>
>> Best regards,
>> Thierry Boileau
>>
>>
>> Hi list,
>>
>> In our webapp we use spring+restlet (2.0-M5). Spring is setup to provide
>> role-based authentication for URLs. In some (restlet) resources, we have
>> custom code for more fine-grained authorization. There's a scenario where
>> Spring grants access but our custom code requires the user to login to
>> access the resource.
>>
>> What we'd like to do is to have the webapp redirect back to the resource
>> page after successful login. However, the webapp always redirects to the
>> spring's default target URL. I'd like to know whether there's a way to
>> instruct restlet to redirect to a particular URL.
>>
>> This is how we redirect the user to the login page in the resource:
>>
>> getResponse().redirectTemporary(getRequest().getRootRef().toString() +
>> "/login");
>>
>> Thanks!
>> Yuan-Fang
>>
>> ------------------------------------------------------http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2448644
>>
>>
>
------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2449000
