I am working on a Web App and I don't know how to do something. I am requiring that the user login to access certain aspects of the web app. So when the user clicks on a link, I check the session for the user and if it exists, all is fine, I can go on to the link. However, if the user does not exist I redirect to the login page. What I need to do now is after they login, go to the page they were originially requesting. So how do I store that information in the session so that I know where I am supposed to foward to after the user logs in? Thanks.
In our current project, we use form-based authentication to accomplish this functionality. In web.xml, you define the URLs that you want to secure, the login page URL (which can be a .do), and a login error page. The container handles the rest transparently and it works exactly as you described. That is, once you've got the proper settings in web.xml, any requests for a secured page will make the container check if there is an authenticated user for that session. If not, it remembers what the original URL requested was, then brings up the login page. Once a valid username/password is entered, the originally requested page is brought up. There are some things you have to handle specifically in your application though such as when a password has expired and when a session times out. You might also want to use SSL if the secure pages contain really sensitive data.
The best ideas are the crazy ones. If you have a crazy idea and it works, it's really valuable.—Kent Beck
I actually have a similiar requirement, but only a few pages where it is a requirement for the user to be logged in. When the action is called that directs to a sensitive spot, it checks for a login as yours does. If that check fails, it sets a session value describing a struts target - which forwards back to this action after the user has logged in. After the login action verifies the user, it checks to see if this session target value is set. If so, it then forwards the user to that target value, as opposed to the standard page after a login. HTH. Paul
Hi there ! Paul, how do you redirect/forward the user to the originally requested page ? Via response.sendRedirect or dynamically changing the �path� value for a struts-config.xml forward ? (is that possible?) In fact , I�m using a ServletFilter to check if the user is properly logged. From there, I keep the requested URL in a session attribute and upon successful login , I�m sending the user back to the originally asked URL. It works fine , but I don�t like bypassing the controller via response object... I�d like a way of doing this under Struts... Any idea ? Tks F�bio
Originally posted by fabio gama: Hi there ! Paul, how do you redirect/forward the user to the originally requested page ? Via response.sendRedirect or dynamically changing the �path� value for a struts-config.xml forward ? (is that possible?)
For my purposes mapping.findForward(target) has worked quite well. Any action that might make this call to LoginAction, I have defined as a forward in struts-config.xml, and that is the referenced target. I am not sure about dynamically changing values in the struts-config.xml file. I've heard of it, but never done it myself.