Hi,
I've never tried using FORM based authentication, but if orion uses the forward
mechanism to redirect the request to the login page, I think I remember there is
a method to get the original request URL when you do so... let me see... no, I
can't seem to find it in the spec. I've just found something like that if you
use the include mechanism. You might try to check the Attributes of the request,
using getAttributeNames, to see if there's any object that tells you where the
original request was directed to.
good luck,
D.
"SAURUGGER,PETER (A-PaloAlto,ex2)" wrote:
> Would be interesting to control where a user goes, e.g. always redirecting
> them to the home page. Unfortunately, I don't have an answer to your
> question, just another observation:
>
> you don't even have to submit the page to j_security_check (see e.g.
> atm/atm-web/login.jsp) - orion -knows- where to send the request from the
> page specified in FORM based authentication. The regular case would be that
> the same page is served (without specifying the ACTION attribute to the
> <FORM>), but Orion nicely processes your request and does the 'appropriate'
> thing.
>
> I have not had time to try to look inside orion to find out what they are
> doing internally. If an answer is found to this question, I'd sure like to
> hear about it
>
> --peter
>
> -----Original Message-----
> From: Trujillo, Kris [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 07, 2001 1:24 PM
> To: Orion-Interest
> Subject: FORM based authentication with <form-login-page> as a JSP
>
> Here's some starting context for my question ....
>
> I have a war file that has been configured to use FORM based authentication.
> I have set the <form-login-page> in the web.xml of the war file to point to
> a jsp file in my war file. I have setup constraints against different jsps
> in the war file (/foo/foo.jsp, /foo2/foo.jsp, etc). When a user invokes any
> jsp without being logged in the login jsp is displayed. The user enters the
> userid/password submits the page to j_security_check, is validated and
> redirected to the requested page.
>
> My question is ...
>
> Has anyone ever tried discovering the page that the user is trying to access
> from within the jsp page referenced as the <form-login-page>? I have tried
> checking the HTTP headers and session, but have not discovered it being
> saved anywhere. Usually when a page invokes another page the HTTP header
> REFERER exists with the URL to the previous page. I have noticed that once
> the user posts the login form on my login.jsp to j_security_check and is
> authenticated they are redirect to the correct location .. correct location
> being back to the page they wanted to access originally. This would mean
> that it has to be somewhere, but where??
