I want to use form-based login and container managed security.
I have a requirement as follows:
If an unauthenticated user is on web-page-A (unprotected page) and then tries to access web-page-B (protected page), the login page will be displayed and the user must login. After the user logs in successfully, the next web page displayed by the web container is web-page-A! Form-based login would have sent the user to web-page-B.
Can I still use container managed security and accomplish the above requirement? Should I go the route of Java Petstore and write my own web based security? Is there a method to call from the application code that will authenticate the user to the web container?
You may be able to hack together a filter that redirects the user back to the first page after authentication is successful (instead of directing to the requested page). This assumes that your form-login page is a JSP and so some work can be done in it. Your application server may offer some proprietary interceptors to do something similar also.