Hi Mark,
I would suggest a flow like this:

User -requests-> P -check-if-logged-in-and-if-not-forward-to-> C (story ends here)
User -requests-> A -check-if-logged-and-if-yes-forward-to-saved-request_P-> P

where A is a special landing page for users coming back from central security.
There should be a mechanism to configure your central security to forward
your user back to page A after a successful login, or maybe there is even
a mechanism that can forward him to page P which he requested in the first
place, but that depends on the central security system.

In other words, it might be generalized to a simple check before action execution:

check if user logged in
- if yes then check if there is any saved request for him
  (this check can be done only if special landing page A is requested)
-- if yes proceed with saved request
-- if no proceed with actual request
- if no redirect to central security.

I hope that's more clear.

Best greetings,
Paweł Wielgus.


2010/4/29 Mark Hansen <m...@proxisoft.com>:
> Thanks Pawel.
>
> What I don't understand is how, after my user is authenticated by the central
> security application (say that happens on page C), I can get him back to my
> struts application and forward him to page P - which he originally requested.
> The flow that I need is:
>
> User -> P - forward -> L1 --- forward --> C --- forward --> P
>
>
> ________________________________
> From: Paweł Wielgus <poulw...@gmail.com>
> Reply-To: Struts Users Mailing List <user@struts.apache.org>
> Date: Thu, 29 Apr 2010 08:44:29 -0500
> To: Struts Users Mailing List <user@struts.apache.org>
> Subject: Re: Login redirection
>
> Hi Mark,
> I don't know the details, but in general when You were redirecting to
> L1 or Ln You had the knowledge about requested page P, so just
> redirect to this centralized solution but store two things: what was
> requested (page P and maybe also parameters) and some identifier of
> a user (session or cookie).
> When the user comes back, You will check if he is authenticated by
> the central security app.
> If he is, You will be able to redirect him back to page P based on
> the user identifier and original request.
>
> As for the safety of all steps, You should be given a secure way of
> asking if a user is authenticated by this central security application
> and a secure way of sending users to this central app - in other words
> You should not reinvent the wheel.
>
> Best greetings,
> Paweł Wielgus.
>
>
> 2010/4/27 Mark Hansen <m...@proxisoft.com>:
>> I am working on a Struts 1.x application that has a number of login pages
>> L1, L2, L3, ... If a non-authenticated user requests a page - P - that
>> requires authentication, the user will be redirected to one of these login
>> pages L1, L2, L3, ... - depending on the context. Once authenticated, he
>> proceeds to page P.
>>
>> Now, authentication is being centralized across a variety of applications
>> (Struts and non-Struts). All the login pages from my application (L1, L2,
>> ...) need to be redirected to this central security application (outside my
>> control) for authentication. Once the redirected user is authenticated by
>> the central security application, the user needs to be sent back to his
>> originally requested page - P.
>>
>> What would be the best way to securely implement this redirected
>> authentication in the Struts 1.x framework?
>>

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
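
The check-before-action flow from the reply above, sketched as a servlet filter in front of the Struts actions. This is an added example, not code from the thread: the central login URL, the landing path /A.do, the session attribute names and the way a logged-in user is recognized are all assumptions, since the thread leaves the central security system unspecified.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

public class SavedRequestFilter implements Filter {
    // Assumptions (not from the thread): URL of C, path of A, attribute names.
    private static final String CENTRAL_LOGIN = "https://central-security.example/login";
    private static final String LANDING_PATH = "/A.do";
    private static final String SAVED_REQUEST = "savedRequest";
    private static final String AUTH_USER = "authenticatedUser";

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(true);
        String path = req.getServletPath();
        if (!isAuthenticated(session)) {
            // Not logged in: remember P (path plus parameters) server-side, go to C.
            if (!LANDING_PATH.equals(path) && "GET".equals(req.getMethod())) {
                String query = req.getQueryString();
                session.setAttribute(SAVED_REQUEST, query == null ? path : path + "?" + query);
            }
            res.sendRedirect(CENTRAL_LOGIN);
            return;
        }
        if (LANDING_PATH.equals(path)) {
            // Back from C on landing page A: replay the saved request exactly once.
            String saved = (String) session.getAttribute(SAVED_REQUEST);
            session.removeAttribute(SAVED_REQUEST);
            if (isLocalPath(saved)) {
                res.sendRedirect(res.encodeRedirectURL(req.getContextPath() + saved));
                return;
            }
        }
        chain.doFilter(rq, rs); // logged in, no saved request: proceed with actual request
    }

    // Assumption: the integration with the central system sets this attribute only
    // after verifying the login through the mechanism that system provides.
    private static boolean isAuthenticated(HttpSession session) {
        return session.getAttribute(AUTH_USER) != null;
    }

    // Replay only targets inside this application, never "//host" or backslash forms.
    static boolean isLocalPath(String target) {
        return target != null && target.startsWith("/")
                && !target.startsWith("//") && target.indexOf('\\') < 0;
    }
}
```

Keeping the saved request in the session rather than in a URL parameter passed through the central application means the return target is never taken from the incoming request, and the isLocalPath check keeps the replay inside the application even if the stored value is wrong.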