Standard J2EE/web-based security should do the job.  I have this running
nicely with Orion server.  From my public page, I put a link called "Login"
to the index.html in the protected area.  If the user is not authenticated,
he/she is first taken to the Logon page specified by the configuration in
WEB-INF/web.xml, and then, after authentication, is taken to the
private/index.jsp they were going to.

In fact, if the user bookmarks some private page in his browser, and then
later attempts to go to that page, the authentication kicks in, and properly
forwards to that page after success.  Seems to me it should work the same in
all J2EE compliant servers.

-AP_
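
The container-managed setup described in the reply above, as an added example that is not part of the original message: a Servlet 2.3 WEB-INF/web.xml using FORM login. The /private/* and /do/* patterns, the "member" role and the logon page names are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC
    "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>

  <!-- One constraint covers both the protected JSPs and the Struts action
       paths, so the check lives in a single place. The container applies
       it to requests arriving from the client; it is not re-applied to
       RequestDispatcher forwards or includes made inside the application. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Private area</web-resource-name>
      <!-- Assumed layout: JSPs under /private, actions mapped to /do/* -->
      <url-pattern>/private/*</url-pattern>
      <url-pattern>/do/*</url-pattern>
      <!-- No http-method elements: the constraint applies to every method.
           Listing only GET and POST would leave other methods unprotected. -->
    </web-resource-collection>
    <auth-constraint>
      <!-- Assumed role name; must match a security-role declared below -->
      <role-name>member</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- FORM login: the container remembers the originally requested URL,
       shows the logon page, and returns the user to that URL on success.
       The logon page must POST j_username and j_password to
       j_security_check. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/logon.jsp</form-login-page>
      <form-error-page>/logon-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>member</role-name>
  </security-role>

</web-app>
```

Because the container stores the original target itself, no return path has to be carried in a request parameter.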

-----Original Message-----
From: Eric Ma [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 18, 2002 12:51 PM
To: [EMAIL PROTECTED]
Subject: How to redirect user to the protected page after forced login


Scenario:  I need to implement a security scheme so that when a user tries
to access a secure page without logging in first, (s)he is sent to the login
form page.  Upon successful authentication, the original page which the user
tried to access.

App server is WebLogic 6.1 SP1, as a result, I cannot:

1. Put the JSP pages under /WEB-INF to let the app server take care of
protecting them
2. Use web container-based security scheme because in WebLogic it always
sends you to the welcome page after logging in, not the page the user wants
to go to

So far I have done the following:

1. To protect the JSP pages from being bookmarked and accessed without
logging in, I use a CheckLogonTag on each JSP, redirecting the user to the
login form page if (s)he has not logged in.  I pass the action path of the
JSP page around as an HTTP request parameter so that after authentication I
know whether to send the user
2. To protect the Action URI (/do/action1 or /action1.do), I extend the
ActionServlet and override the processActionPerform method to check the
session variable and redirect to the login form page as necessary

I hate to duplicate the security checking logic in 2 places but I haven't
figured out a way to consolidate them.  Can anyone share some good ideas on
how to implement the security requirement I described above using Struts and
WebLogic 6.1?  Thanks.

Eric Ma



--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>