Hi Mark,
I don't know the details, but in general, when you were redirecting to
L1 or Ln you had the knowledge about the requested page P, so just
redirect to this centralized solution but store two things: what was
requested (page P and maybe also parameters) and some identifier of
the user (session or cookie).
When the user comes back, you will check if he is authenticated by
the central security app.
If he is, you will be able to redirect him back to page P based on
the user identifier and the original request.

As for the safety of all steps, you should be given a secure way of
asking if a user is authenticated by this central security application
and a secure way of sending users to this central app - in other words,
you should not reinvent the wheel.

Best greetings,
Paweł Wielgus.
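
The approach in the reply above (store the requested page P against a user identifier before redirecting, then send the user back once the central app confirms authentication), as an added example that is not part of the original thread. The class name, session ids, paths and the `authenticated` flag, which stands in for whatever check the central security application provides, are assumptions; the local-path check goes slightly beyond the reply and keeps the stored target inside the application. In a Struts 1.x application the same value could live in an `HttpSession` attribute instead of this map.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Added illustration: remembers page P per session while the user is at the central login. */
public class PendingRequestStore {
    // session id -> originally requested local path, including query string
    private final Map<String, String> pending = new ConcurrentHashMap<>();
    private final String defaultPage;

    public PendingRequestStore(String defaultPage) {
        this.defaultPage = defaultPage;
    }

    /** Call just before redirecting the user to the central security application. */
    public void remember(String sessionId, String requestedPath) {
        if (sessionId != null && isLocalPath(requestedPath)) {
            pending.put(sessionId, requestedPath);
        }
    }

    /**
     * Call when the user comes back. Returns null while the user is not authenticated
     * (the caller redirects to the central app again); otherwise returns the stored
     * page once, falling back to the default page when nothing valid was stored.
     */
    public String resolveReturnTarget(String sessionId, boolean authenticated) {
        if (!authenticated || sessionId == null) {
            return null;
        }
        String target = pending.remove(sessionId); // one-time use
        return target != null ? target : defaultPage;
    }

    /** Accepts only paths inside this application: "/x", never "//host", "\" or CR/LF. */
    static boolean isLocalPath(String p) {
        return p != null && p.startsWith("/") && !p.startsWith("//")
                && p.indexOf('\\') < 0 && p.indexOf('\r') < 0 && p.indexOf('\n') < 0;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the thread.
        PendingRequestStore store = new PendingRequestStore("/home.do");
        store.remember("SESSION-A", "/orders/view.do?id=42");
        store.remember("SESSION-B", "//other.example/landing"); // rejected, not stored
        System.out.println(store.resolveReturnTarget("SESSION-A", false));
        System.out.println(store.resolveReturnTarget("SESSION-A", true));
        System.out.println(store.resolveReturnTarget("SESSION-B", true));
    }
}
```

Keeping page P on the server side, keyed by the session, means the return target never travels through the central application or the browser as a parameter that could be altered.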


2010/4/27 Mark Hansen <m...@proxisoft.com>:
> I am working on a Struts 1.x application that has a number of login pages L1, 
> L2, L3, ...  If a non-authenticated user requests a page - P - that requires 
> authentication, the user will be redirected to one of these login pages L1, 
> L2, L3, ... - depending on the context.  Once authenticated, he proceeds to 
> page P.
>
> Now, authentication is being centralized across a variety of applications 
> (Struts and non-Struts).  All the login pages from my application (L1, L2, 
> ...) need to be redirected to this central security application (outside my 
> control) for authentication.  Once the redirected user is authenticated by 
> the central security application, the user needs to be sent back to his 
> originally requested page - P.
>
> What would be the best way to securely implement this redirected 
> authentication in the Struts 1.x framework?
>
