• Post Reply Bookmark Topic Watch Topic
  • New Topic

Redirect after login

 
Gary Larson
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a secured Struts application in WebSphere that uses FORM j_security_check for authentication.

There is also a Post Logon "filter" defined which runs some code after a login is processed.

The extract from web.xml showing the login configuration and filter is as follows:



If a user isn't logged into the application and they try to access one of the secured servlets, for example quotes.do, they are directed to the login page to enter their information.
If they login successfully, they are then directed to quotes.do, rather than the default "welcome" page.

Is there a setting in the web.xml or the post logon filter where I can force j_security_check to ALWAYS go to the default welcome page after a successful login?
 
Jaikiran Pai
Sheriff
Posts: 10447
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Gary, welcome to CodeRanch!

If a user isn't logged into the application and they try to access one of the secured servlets, for example quotes.do, they are directed to the login page to enter their information.
If they login successfully, they are then directed to quotes.do


The servlet spec mandates that. The container is expected to serve the protected resource after successful authentication/authorization.

Is there a setting in the web.xml or the post logon filter where I can force j_security_check to ALWAYS go to the default welcome page after a successful login?

Why do you want it that way?
 
Gary Larson
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Why do you want it that way?


We had a situation where a customer discovered a secure URL and keyed it directly into the browser. Struts security redirected them to the login page so they then put in their username & password, successfully logged in, and Struts proceeded to take them to the URL they don't have access to. Since they don't have access, it was just a blank screen (nothing was shown because they don't have access) but I would've rather we take them to the standard welcome page than just showing a blank screen.

I can see a solution where I go through all my secure JSPs and check access in the header and redirect to the welcome screen if invalid, but I would've thought the framework should be able to do this for you?

I tried putting a secure URL into my browser for some high-profile sites like PayPal and my internet banking. In both cases, after I log in, the system shows me the welcome page, not the page I was attempting to go straight to. So surely this is possible within the Struts framework?
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!