I will be out of the office from 10-Sep-2001 to 03-Oct-2001, with limited email and voice mail access. For business matters, please click on the link below to contact the relevant person.
PetStore eXtreme matters: James H. Brooks
Other business matters, my manager: David L. Johnson
Thank you.
Chris Chelliah

Would be interesting to control where a user goes, e.g. always redirecting them to the home page.

Unfortunately, I don't have an answer to your question, just another observation: you don't even have to submit the page to j_security_check (see e.g. atm/atm-web/login.jsp) - orion -knows- where to send the request from the page specified in FORM based authentication. The regular case would be that the same page is served (without specifying the ACTION attribute to the <FORM>), but Orion nicely processes your request and does the 'appropriate' thing.

I have not had time to try to look inside orion to find out what they are doing internally. If an answer is found to this question, I'd sure like to hear about it.

--peter

-----Original Message-----
From: Trujillo, Kris [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 07, 2001 1:24 PM
To: Orion-Interest
Subject: FORM based authentication with <form-login-page> as a JSP

Here's some starting context for my question ....

I have a war file that has been configured to use FORM based authentication. I have set the <form-login-page> in the web.xml of the war file to point to a jsp file in my war file. I have set up constraints against different jsps in the war file (/foo/foo.jsp, /foo2/foo.jsp, etc). When a user invokes any jsp without being logged in, the login jsp is displayed. The user enters the userid/password, submits the page to j_security_check, is validated and redirected to the requested page.

My question is ...

Has anyone ever tried discovering the page that the user is trying to access from within the jsp page referenced as the <form-login-page>? I have tried checking the HTTP headers and session, but have not discovered it being saved anywhere. Usually when a page invokes another page the HTTP header REFERER exists with the URL to the previous page.

I have noticed that once the user posts the login form on my login.jsp to j_security_check and is authenticated they are redirected to the correct location .. correct location being back to the page they wanted to access originally. This would mean that it has to be somewhere, but where??
