Would be interesting to control where a user goes, e.g. always redirecting
them to the home page. Unfortunately, I don't have an answer to your
question, just another observation:

You don't even have to submit the page to j_security_check (see e.g.
atm/atm-web/login.jsp) - Orion -knows- where to send the request from the
page specified in FORM based authentication. The regular case would be that
the same page is served (without specifying the ACTION attribute to the
<FORM>), but Orion nicely processes your request and does the 'appropriate'
thing.

I have not had time to try to look inside Orion to find out what they are
doing internally. If an answer is found to this question, I'd sure like to
hear about it.

        --peter

-----Original Message-----
From: Trujillo, Kris [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 07, 2001 1:24 PM
To: Orion-Interest
Subject: FORM based authentication with <form-login-page> as a JSP



Here's some starting context for my question ....

I have a war file that has been configured to use FORM based authentication.
I have set the <form-login-page> in the web.xml of the war file to point to
a jsp file in my war file.  I have set up constraints against different jsps
in the war file (/foo/foo.jsp, /foo2/foo.jsp, etc).  When a user invokes any
jsp without being logged in, the login jsp is displayed.  The user enters the
userid/password, submits the page to j_security_check, is validated and
redirected to the requested page.

My question is ...

Has anyone ever tried discovering the page that the user is trying to access
from within the jsp page referenced as the <form-login-page>?  I have tried
checking the HTTP headers and session, but have not discovered it being
saved anywhere.  Usually when a page invokes another page the HTTP header
REFERER exists with the URL to the previous page.  I have noticed that once
the user posts the login form on my login.jsp to j_security_check and is
authenticated they are redirected to the correct location .. correct location
being back to the page they wanted to access originally.  This would mean
that it has to be somewhere, but where??
