You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Lukas Österreicher <lu...@inode.at> on 2003/11/19 18:23:16 UTC
Preserving original request until after login redirect
Hello
I have recently posted a problem I had and then
was told to look at "Redirecting after Logon".
As far as I have seen (I think I do not have all posts though)
this is not a solution for me as it uses predefined structures
already hardwired into struts.
My Problem is the following:
I have user-defined user bean which is put into the
session indicating which user is logged in with that session.
Most pages require the user to be logged in, some do not
(this is checked for in each Action).
Now, for instance I have a page that lists radio
programs. Clicking on one should display the tracks
that are contained in a specific program. For this
a programId parameter is passed in a form.
The program list page is browsable without
authentication, but the track list page is not.
So when the user is already logged the tracklist
will just be displayed, if it is not, the request containing
the programId parameter should be saved, then a login
should be done - displaying a login page where the
user enters username and password and upon login
the user is redirected to the track list page.
I can manage the redirection ofcorse, but I do not know
how to store and restore the request data properly
(in this case, as redirection is done, also the before
saved request containing the programId parameter
is restored as if the action to which is referred to again
was called by a form (but in this case it is redirected
to from an Action).
Do you know how to do this?
Thanx in Advance,
Lukas
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
Re: Preserving original request until after login redirect
Posted by Max Cooper <ma...@maxcooper.com>.
That one is pretty simple:
- Use a GET request so the programId is part of the URL.
- Store the whole URL, including the query string.
- Redirect back to the URL (including query string) after the login.
The more difficult case is POSTed parameters that don't show up on the query
string. All redirects are GETs -- you can't send a reirect that will result
in a POST. The ONLY ways you can transparently handle keeping POSTed
parameters across a login event is with container-managed security or with a
filter. There is no request.setParameter() method, so there is no other way
to shove the originally POSTed parameters into a later request.
Harder still is multi-part file uploads! I haven't tested my SecurityFilter
project with file uploads, but I suspect that it would fail. I haven't
tested container-managed security under the file upload condition either --
for all I know, they might fail, too.
Keeping request parameters across a login event is one of the subtle things
that container-managed security (or my filter-based clone, SecurityFilter)
does for you. Trying to support this well in a proprietary turns out to
harder than it at first seems (but you can look at SecurityFilter for an
example).
-Max
http://www.securityfilter.org/
----- Original Message -----
From: "Lukas Österreicher" <lu...@inode.at>
To: <st...@jakarta.apache.org>
Sent: Wednesday, November 19, 2003 9:23 AM
Subject: Preserving original request until after login redirect
> Hello
>
> I have recently posted a problem I had and then
> was told to look at "Redirecting after Logon".
>
> As far as I have seen (I think I do not have all posts though)
> this is not a solution for me as it uses predefined structures
> already hardwired into struts.
>
> My Problem is the following:
> I have user-defined user bean which is put into the
> session indicating which user is logged in with that session.
> Most pages require the user to be logged in, some do not
> (this is checked for in each Action).
>
> Now, for instance I have a page that lists radio
> programs. Clicking on one should display the tracks
> that are contained in a specific program. For this
> a programId parameter is passed in a form.
>
> The program list page is browsable without
> authentication, but the track list page is not.
>
> So when the user is already logged the tracklist
> will just be displayed, if it is not, the request containing
> the programId parameter should be saved, then a login
> should be done - displaying a login page where the
> user enters username and password and upon login
> the user is redirected to the track list page.
>
> I can manage the redirection ofcorse, but I do not know
> how to store and restore the request data properly
> (in this case, as redirection is done, also the before
> saved request containing the programId parameter
> is restored as if the action to which is referred to again
> was called by a form (but in this case it is redirected
> to from an Action).
>
> Do you know how to do this?
>
> Thanx in Advance,
> Lukas
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org