You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Kalle Korhonen <ka...@gmail.com> on 2009/03/09 06:59:56 UTC
Redirecting to originally requested page after successful
authentication
I'd like to automatically redirect user to the originally requested page
after a successful authentication. How is one supposed to use
AccessControlFilter's saveRequest()? Looking at the Javadocs and the source
of AccessControlFilter and its subclasses, it seems like its meant to be
explicitly called by a subclass rather than controlled by setting some
property. Certainly I can make a custom implementation but it would likely
be useful if it was configurable. Compare
http://www.jsecurity.org/api/org/jsecurity/web/filter/AccessControlFilter.htmlto
Acegi's
http://www.acegisecurity.org/acegi-security/apidocs/org/acegisecurity/ui/AbstractProcessingFilter.html.
The latter contains a "defaultTargetUrl" but also automatically saves the
original target location, and the actual url used for redirect depends on
the value of alwaysUseDefaultTargetUrl flag. Just wondering if I missed some
class in Jsec/Ki where similar behavior is already implemented.
Kalle
Re: Redirecting to originally requested page after successful
authentication
Posted by Kalle Korhonen <ka...@gmail.com>.
On Mon, Mar 9, 2009 at 6:00 AM, Les Hazlewood <lh...@apache.org> wrote:
> That is correct - the saveRequest method is provided in this class so
> subclasses across the hierarchy don't have to re-implement the logic
> themselves.
> But IIRC, all of JSecurity's filters will redirect to the originally
> requested page after a successful authentication. This is because they all
> call the saveRequestAndRedirectToLogin if the user is required to be
> authenticated but are not yet authenticated.
Ok, this wasn't clear from the docs.
>
> However, I'm not sure how the 'defaultTargetUrl' option is related to
> saveRequestAndRedirectToLogin. Are you saying you'd like the option to
> _not_ be redirected back to the originally requested page after successful
> login?
No. In my case I was always being redirected to default DEFAULT_SUCCESS_URL
(i.e."/index.jsp") but that problem may be specific to my Tapestry
integration then if you say it should work. Where's
saveRequestAndRedirectToLogin called? In FormAuthenticationFilter I only see
it being called onAccessDenied when the request is *not* a login request.
Kalle
> On Mon, Mar 9, 2009 at 12:59 AM, Kalle Korhonen <
> kalle.o.korhonen@gmail.com> wrote:
>
>> I'd like to automatically redirect user to the originally requested page
>> after a successful authentication. How is one supposed to use
>> AccessControlFilter's saveRequest()? Looking at the Javadocs and the source
>> of AccessControlFilter and its subclasses, it seems like its meant to be
>> explicitly called by a subclass rather than controlled by setting some
>> property. Certainly I can make a custom implementation but it would likely
>> be useful if it was configurable. Compare
>> http://www.jsecurity.org/api/org/jsecurity/web/filter/AccessControlFilter.htmlto Acegi's
>> http://www.acegisecurity.org/acegi-security/apidocs/org/acegisecurity/ui/AbstractProcessingFilter.html.
>> The latter contains a "defaultTargetUrl" but also automatically saves the
>> original target location, and the actual url used for redirect depends on
>> the value of alwaysUseDefaultTargetUrl flag. Just wondering if I missed some
>> class in Jsec/Ki where similar behavior is already implemented.
>>
>> Kalle
>>
>
>
Re: Redirecting to originally requested page after successful
authentication
Posted by Les Hazlewood <lh...@apache.org>.
That is correct - the saveRequest method is provided in this class so
subclasses across the hierarchy don't have to re-implement the logic
themselves.
But IIRC, all of JSecurity's filters will redirect to the originally
requested page after a successful authentication. This is because they all
call the saveRequestAndRedirectToLogin if the user is required to be
authenticated but are not yet authenticated.
However, I'm not sure how the 'defaultTargetUrl' option is related to
saveRequestAndRedirectToLogin. Are you saying you'd like the option to
_not_ be redirected back to the originally requested page after successful
login?
On Mon, Mar 9, 2009 at 12:59 AM, Kalle Korhonen
<ka...@gmail.com>wrote:
> I'd like to automatically redirect user to the originally requested page
> after a successful authentication. How is one supposed to use
> AccessControlFilter's saveRequest()? Looking at the Javadocs and the source
> of AccessControlFilter and its subclasses, it seems like its meant to be
> explicitly called by a subclass rather than controlled by setting some
> property. Certainly I can make a custom implementation but it would likely
> be useful if it was configurable. Compare
> http://www.jsecurity.org/api/org/jsecurity/web/filter/AccessControlFilter.htmlto Acegi's
> http://www.acegisecurity.org/acegi-security/apidocs/org/acegisecurity/ui/AbstractProcessingFilter.html.
> The latter contains a "defaultTargetUrl" but also automatically saves the
> original target location, and the actual url used for redirect depends on
> the value of alwaysUseDefaultTargetUrl flag. Just wondering if I missed some
> class in Jsec/Ki where similar behavior is already implemented.
>
> Kalle
>