The mechanism that redirects if not logged in is found in AccessControlFilter
(http://svn.apache.org/repos/asf/incubator/jsecurity/trunk/web/src/org/jsecurity/web/filter/AccessControlFilter.java).
All of JSecurity's filter classes that do this save-request-then-redirect
extend from this class.

The AccessControlFilter saveRequest method implementation first creates a
SavedRequest
(http://svn.apache.org/repos/asf/incubator/jsecurity/trunk/web/src/org/jsecurity/web/SavedRequest.java)
object, which represents the incoming request and contains just enough
information to perform a redirect later.  It then saves this SavedRequest
object to the session.

After the user logs in successfully, a similar mechanism checks if there is
a SavedRequest.  If so, it uses that to redirect to the specified URL in the
saved request.

You can see in the SavedRequest source code (linked above) that it supports
only GET requests at the moment by acquiring request.getRequestURI() and
request.getQueryString().

We did this initially as it didn't seem like a good idea to redirect POSTs,
for fear of unexpected results, especially if that POST represented secure
user data or financial information.

If you'd like JSecurity to support this, please open a Jira issue (
https://issues.apache.org/jira/browse/JSEC).  It wouldn't be hard to
implement - we'd just have to add some state/behavior to the SavedRequest
object and the class that uses it for redirect.

Until then, you can easily take any of our filters that extend
AccessControlFilter, and override the saveRequest method to do what you need
in the meantime.

Cheers,

Les


On Tue, Jan 13, 2009 at 11:56 AM, Peter Ledbrook <[email protected]> wrote:

> > I'm using JSecurity and the Grails plugin for the first time on a new
> > project and I'm running into an issue where my user is filling out a long
> > form and is timing out.  When they hit the submit button, they get
> > redirected to the login page, but once they log back in they have lost
> > everything they did.  Is there a way to configure JSecurity so that it is
> > able to save this request and then complete it once they log back in?  I
> > have used Acegi in the past and it does this, so I was expecting it to
> > "just work."
> > Any help would be greatly appreciated!
>
> Ah yes, that old chestnut. I believe there is an outstanding issue for
> this. It's a non-trivial problem, and I'd be interested to know how
> Spring Security does it. One approach is to return an HTML page
> containing the POST data in a form with a little bit of JavaScript to
> auto-submit that form. Another approach would be to invoke the
> corresponding action directly, but I'm not sure there is a clean way
> to do this. It may be easy to do now with the new "forward()" method
> that has been added to Grails 1.1, but I haven't looked into it.
>
> JSecurity itself may have a solution, in which case you could use the
> native interceptors rather than the plugin's filter-based system.
>
> Cheers,
>
> Peter
>

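The save-request-then-redirect flow described in this thread, as an added stand-alone model (not JSecurity code and not written by either poster). SaveRequestDemo, SavedRequestModel, the session key and the sample URLs are hypothetical, a plain Map stands in for the HTTP session, and sending non-GET requests to a fallback URL is this example's assumption about how to handle the case.

```java
import java.util.HashMap;
import java.util.Map;

// Stand-alone model of the flow; none of these names are JSecurity classes.
public class SaveRequestDemo {
    static final String KEY = "demo.savedRequest";   // hypothetical session attribute name

    // Holds just enough to redirect later: method, URI path and query string.
    // The request body is deliberately not stored.
    static final class SavedRequestModel {
        final String method, requestUri, queryString;
        SavedRequestModel(String method, String requestUri, String queryString) {
            this.method = method;
            this.requestUri = requestUri;
            this.queryString = queryString;
        }
        String redirectUrl() {
            return queryString == null ? requestUri : requestUri + "?" + queryString;
        }
    }

    // Called by the access-control step when an unauthenticated request arrives.
    static void saveRequest(Map<String, Object> session, String method, String uri, String query) {
        session.put(KEY, new SavedRequestModel(method, uri, query));
    }

    // Called after a successful login: consume the saved request exactly once.
    static String redirectAfterLogin(Map<String, Object> session, String fallbackUrl) {
        SavedRequestModel saved = (SavedRequestModel) session.remove(KEY);
        if (saved == null) return fallbackUrl;
        // A redirect makes the browser issue a GET, and the POST body was never
        // saved, so a saved POST cannot be replayed: send the user to the fallback.
        if (!"GET".equalsIgnoreCase(saved.method)) return fallbackUrl;
        return saved.redirectUrl();
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<String, Object>();   // stands in for the HTTP session
        saveRequest(session, "GET", "/report/list", "page=2");          // constructed sample request
        System.out.println(redirectAfterLogin(session, "/home"));
        saveRequest(session, "POST", "/form/submit", null);             // constructed: the timed-out form submit
        System.out.println(redirectAfterLogin(session, "/home"));
    }
}
```

Because only the method, path and query string are kept, the form fields from the timed-out POST are gone by the time login completes, which is the behaviour the original question describes.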