I think this is more difficult than most people think. There are a lot of
use cases and edge cases that make most home grown solutions pretty fragile.
I think GETs are pretty easy but it gets a little more exciting when you are
dealing with POSTs to a secure resource. People tend to get pissed off if
you lose their POST data and redirect them back to the form to start over.
Spring Security handles this pattern quite well. It is understandable that
you are reluctant because you are not using Spring service wiring, but you
can get robust Authentication and Authorization services with a little
configuration. The good news is your site will behave the way people expect
it to.
There are other issues like what happens when an AJAX request is sent for a
secure resource after a session timeout, etc...
Stuart Ellidge wrote:
>
> Hi Steve,
>
> What you are asking is relatively simple really - we implemented an
> interceptor to capture the current request URL and store it in the current
> value stack. We can subsequently reference it in our JSPs and use it in
> forms in several places to enable us to redirect to the original page
> after certain events occur. Here is the intercept method:
>
> public String intercept(ActionInvocation invocation) throws Exception {
> HttpServletRequest request = ServletActionContext.getRequest();
> StringBuffer returnUrl = new StringBuffer(request.getRequestURL());
> invocation.getStack().set("returnURL", returnUrl); return
> invocation.invoke(); }
>
> In your example, you would add setUrl and getUrl methods to the login
> action class and then use the ${returnURL} in your JSP to create the
> request parameter / hidden input.
>
> Also, don't forget about the ability to use OGNL within your results... so
> your result could be of type "redirect" sending to a location of ${url}
> (that being the parameter name in your example below, and resolving to
> LoginAction.getUrl().
>
> Regards
> Stuart
>
> p.s. the reason for using the interceptor, rather than just accessing the
> request URL directly in the JSP is that by the time the JSP is rendered,
> that URL points to the JSP itself, rather than the action.
>
>
>
> On 19/05/2009 16:44, "Steve" <[email protected]> wrote:
>
> I would rather avoid using Acegi as I'm not using Spring. I'm using Struts
> 2
> and EJB3.
>
> I appreciate the Acegi can be used without Spring. But it still seems like
> overkill to solve this one issue.
>
> I was hoping to generate a call to login.action like
> ".../login.action?url=<complete request string>". I guess storing the
> request string in the session would work just as well. Do you know the
> easiest way to access the request string from an interceptor or action?
>
> Many Thanks,
>
> Steve
>
> -----Original Message-----
> From: Lukasz Lenart [mailto:[email protected]]
> Sent: 19 May 2009 15:26
> To: Struts Users Mailing List
> Subject: Re: Accessing protected resources via a login page
>
> 2009/5/19 Steve <[email protected]>:
>> Can anyone advise on the best way to do this?
>
> Use Acegi, it has such functionality built-in or store request path in
> session when redirecting to login page and after successful login,
> read it from session and redirect to it. It should be achievable with
> the same interceptor you created.
>
>
> Regards
> --
> Lukasz
> http://www.lenart.org.pl/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
>
>
--
View this message in context:
http://www.nabble.com/Accessing-protected-resources-via-a-login-page-tp23614657p23623986.html
Sent from the Struts - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
