Hi Yuan-Fang,

Is Spring Security configured for the url/path of the resource protected by your custom fine-grained authorization logic?

If so, even if Spring Security allows access, throwing an org.springframework.security.AccessDeniedException from your authorization logic will get picked up by the Spring Security filter chain and trigger the redirect to /login. By default, Spring Security will redirect back to the secure resource upon successful authentication.

I haven't tried this, but I work A LOT with Spring Security and I'm pretty sure it will work.

HTH,
Doug

On Thu, Feb 18, 2010 at 8:05 AM, Thierry Boileau <thierry.boil...@noelios.com> wrote:

> Hi Yuan-Fang,
>
> unfortunately, if you don't control the behaviour of the client, be aware
> that the number of solutions is quite limited.
> When you discover that the client is not authorized, you can redirect it to
> "<uri resource B>?next=<URI resource A>". Thus, resource B is able to
> prepare the request that will be posted to resource C: keep on using the
> query parameter or add a hidden field in the Web form, etc.
> You can also set cookies (that is to say, ask the client to set a cookie when
> redirecting to resource B), which will work only if the client supports this
> mechanism.
>
> Best regards,
> Thierry Boileau
>
> Hi Thierry,
>
> Thanks for the reply.
>
> On Thu, Feb 18, 2010 at 10:11 PM, Thierry Boileau <thierry.boil...@noelios.com> wrote:
>
>> Hello Yuan-Fang,
>>
>> > I'd like to know whether there's a way to instruct restlet to redirect to a
>> > particular URL?
>> yes, you can update the response with one of the Response#redirect* methods.
>> That asks the client to send another request.
>>
>> But I wonder if this is really your question...
>>
>> If I understand well, in case of unauthorized access to resource A, you
>> want the user to hit a resource B (the login page), then to be redirected to
>> resource A after a successful operation on Resource C (a POST on a "login"
>> resource, I guess).
>> I think that the first request (to the login page) must contain all
>> required data (I mean the URL of resource A) via query parameter, cookie,
>> standard header ("Referer"?), specific header, entity, etc. i.e. one of the
>> supported mechanisms in order that the login operation (done via the login
>> page) is aware of the redirected URL and redirects or transmits the message
>> correctly to the resource A.
>> You must make the required data accessible in two requests: the request to
>> resource B, the request to resource C.
>
> I think that's exactly what I'm unsure of, i.e., in resource A, how to
> set the referrer for the request to resource B and in resource B, how to set
> referrer to resource C. Currently in resource A, we redirect the user to
> resource B (login page) as follows:
>
>     getResponse().redirectTemporary(getRequest().getRootRef().toString() + "/login");
>
> Since we're using spring for wiring up the resources and authentication,
> spring takes over from here, intercepts the url and routes it to the
> appropriate resource. I don't know how to pass information from our restlet
> resources to the spring's HTTPRequests. Any insight is appreciated!
>
> Best regards
> Yuan-Fang
>
>> Best regards,
>> Thierry Boileau
>>
>> Hi list,
>>
>> In our webapp we use spring+restlet (2.0-M5). Spring is set up to provide
>> role-based authentication for URLs. In some (restlet) resources, we have
>> custom code for more fine-grained authorization. There's a scenario where
>> Spring grants access but our custom code requires the user to log in to
>> access the resource.
>>
>> What we'd like to do is to have the webapp redirect back to the resource
>> page after successful login. However, the webapp always redirects to the
>> spring's default target URL. I'd like to know whether there's a way to
>> instruct restlet to redirect to a particular URL.
>>
>> This is how we redirect the user to the login page in the resource:
>>
>>     getResponse().redirectTemporary(getRequest().getRootRef().toString() + "/login");
>>
>> Thanks!
>> Yuan-Fang
>>
>> ------------------------------------------------------
>> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2448644
>
> ------------------------------------------------------
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2448947
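
The "next" query parameter approach described in the quoted reply, as an added example that is not code from this thread, Restlet or Spring Security. The class, method names and sample values are hypothetical; it assumes the framework has already URL-decoded "next" when the login resource reads it, and that only paths inside the same application should be followed after login.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

// Hypothetical helper, not part of Restlet or Spring Security.
public class LoginRedirect {

    // Assumed fallback when no usable "next" value is present.
    static final String DEFAULT_TARGET = "/";

    // Resource A: build the login URL, carrying the path of A in "next".
    static String loginUrl(String rootRef, String resourcePath) {
        return rootRef + "/login?next="
                + URLEncoder.encode(resourcePath, StandardCharsets.UTF_8);
    }

    // Resource C: choose the redirect target after a successful login.
    // "next" is sent back by the client, so it is accepted only when it is
    // a syntactically valid path inside this application (no scheme, no
    // host); every other value falls back to the default target.
    static String targetAfterLogin(String next) {
        if (next == null || !next.startsWith("/")
                || next.startsWith("//") || next.contains("\\")) {
            return DEFAULT_TARGET;
        }
        try {
            URI uri = new URI(next); // rejects spaces and control characters
            if (uri.isAbsolute() || uri.getRawAuthority() != null) {
                return DEFAULT_TARGET;
            }
            return next;
        } catch (URISyntaxException e) {
            return DEFAULT_TARGET;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values.
        String root = "https://app.example";
        System.out.println(loginUrl(root, "/orders/42?view=full"));
        System.out.println(targetAfterLogin("/orders/42?view=full"));
        System.out.println(targetAfterLogin("//other.example/orders"));
        System.out.println(targetAfterLogin("https://other.example/"));
        System.out.println(targetAfterLogin(null));
    }
}
```

In resource A, the string returned by loginUrl would be passed to the redirectTemporary call shown in the thread in place of the bare "/login" URL.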