Here's some starting context for my question .... I have a war file that has been configured to use FORM based authentication. I have set the <form-login-page> in the web.xml of the war file to point to a jsp file in my war file. When a user invokes any jsp without being logged in the login jsp is displayed. The user enters the userid/password submits the page to j_security_check, is validated and redirected to the requested page.
My question is ... Has anyone ever tried discovering the page that the user is trying to access from within the jsp page referenced as the <form-login-page>? I have tried checking the HTTP headers and session, but have not discovered it being saved anywhere. Usually when a page invokes another page the HTTP header REFERER exists with the URL to the previous page. I have noticed that once the user posts the login form on my login.jsp to j_security_check and is authenticated they are redirect to the correct location .. correct location being back to the page they wanted to access originally. This would mean that it has to be somewhere, but where??
