7 Replies Latest reply on Aug 6, 2005 2:23 PM by kenlohwh

    How to Forward to a Particular Page if Login is of a Particu

    kenlohwh

      Hi All,

      There are many websites that require a user to go through an email verification process by getting him to access the website with a URL parameter consisting of a code sent to the email account concerned.

      Therefore, if an unverified user tries to access a secure page, a page shows up telling him to go to his specified email account to click on a link there, for example.

      I'm using JBoss's j_security_check using form login. How could I realize the condition mentioned above? Do I use a second <login-config> with a different realm in my web.xml?

      Any help will be more than appreciated.

        • 1. Re: How to Forward to a Particular Page if Login is of a Par
          kenlohwh

          Is there anybody who could help me with the question that I've asked?

          As no answer has been forthcoming, I guess it might be that my question is ambiguous. Therefore, I'll try again to be more specific.

          Conventionally, using j_security_check under JBossSX, if a user fails to log in, he will be redirected to a login error page specified in web.xml's <form-error-page> tag.

          How do I, while maintaining the usual login error page, redirect users with a specific role to another page upon login?

          Thanks,
          Ken

          • 2. Re: How to Forward to a Particular Page if Login is of a Par
            starksm64

            Try making the form-error-page a servlet that does the forwarding.

            • 3. Re: How to Forward to a Particular Page if Login is of a Par
              kenlohwh

              Thanks Scott for your answer. However, some questions:

              Redirecting from a servlet as you have suggested would require me to obtain the Principal (to make the decision whether to redirect etc.). If my understanding is correct, the servlet (i.e. the form-error-page) must not be protected. However, I've tried getPrincipal in a servlet of an unprotected url-pattern before and all I got was null.

              Any further advice would be very much appreciated.

              "scott.stark@jboss.org" wrote:
              Try making the form-error-page a servlet that does the forwarding.


              • 4. Re: How to Forward to a Particular Page if Login is of a Par
                starksm64

                An error-page certainly should not have any principal since authentication failed. Get it from the session:
                http://wiki.jboss.org/wiki/Wiki.jsp?page=CustomizingSecurityUsingValves

                • 5. Re: How to Forward to a Particular Page if Login is of a Par
                  kenlohwh

                  Thanks Scott for your answer.

                  I tried my best to faithfully follow your suggestion. However, I keep stumbling into an "HTTP Status 403 - Access to the requested resource has been denied" error.

                  Since I'm using Struts, I forward (and even tried redirect) from an Action class which is invoked by the form-error-page path as suggested. When login fails totally (i.e. no role at all), the class forwards correctly to the page I want.

                  However, when there is a role for which I want to forward to a particular page (namely a role called "pending", for which the user is to be shown a page asking him to click on a URL in an email sent to his email account), the 403 error crops up without fail.

                  Any help would be more than appreciated.

                  • 6. Re: How to Forward to a Particular Page if Login is of a Par
                    kenlohwh

                    Something I'd like to add after continuing debugging since my last post:

                    In debug mode, I realized that j_security_check actually did not take it to the form-error-page's path (I've set a breakpoint in the Action class that handles the path, but nothing happens). Therefore, I conclude that the login surprisingly passes a user without a sufficient role. However, once it discovers this, it gives error 403.

                    One thing doesn't change though. I'm still in dire straits whichever way. Therefore, any small help will be more than appreciated, still.

                    • 7. Re: How to Forward to a Particular Page if Login is of a Par
                      kenlohwh

                      As the clock is ticking and no further answer is visible on the horizon, I decided to drop the redirection/reforward idea at <form-error-page> and experiment with having an <error-page> element for this as shown below:

                       <error-page>
                         <error-code>403</error-code>
                         <location>/showLogonErrors.do</location>
                       </error-page>

                      Just for information to anyone who might stumble upon a similar problem.

                      Cheers
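
The 403 `<error-page>` approach from the last post, sketched as an added example (not code from the thread or from JBoss): a handler that sends users in the "pending" role to a verification notice and everyone else to a generic denial page. The servlet name, the `/denied` mapping and both JSP paths are hypothetical, and it assumes the container still exposes the authenticated principal during the 403 error dispatch.

```java
// Added example, not from the thread. Hypothetical names: DeniedDispatchServlet,
// /denied, /WEB-INF/verifyEmail.jsp, /WEB-INF/accessDenied.jsp.
//
// web.xml wiring (the "pending" role must also be declared in a <security-role>):
//   <error-page>
//     <error-code>403</error-code>
//     <location>/denied</location>
//   </error-page>
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class DeniedDispatchServlet extends HttpServlet {

    // Views live under WEB-INF so they cannot be requested directly.
    private static final String VERIFY_VIEW = "/WEB-INF/verifyEmail.jsp";
    private static final String DENIED_VIEW = "/WEB-INF/accessDenied.jsp";

    // service() is overridden because an error dispatch keeps the HTTP method
    // of the original request, which may be GET or POST.
    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Act only when invoked as the container's 403 error dispatch; a direct
        // request to /denied carries no status attribute and gets a 404.
        Object status = req.getAttribute("javax.servlet.error.status_code");
        if (!Integer.valueOf(HttpServletResponse.SC_FORBIDDEN).equals(status)) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        // Assumption: the principal set by j_security_check is visible here.
        // Anything other than an authenticated "pending" user falls through
        // to the generic denial view (deny by default).
        boolean pending = req.getUserPrincipal() != null
                && req.isUserInRole("pending");
        String view = pending ? VERIFY_VIEW : DENIED_VIEW;

        // Forward server-side: the response status stays 403 and no role
        // information is exposed in a redirect URL.
        resp.setHeader("Cache-Control", "no-store");
        req.getRequestDispatcher(view).forward(req, resp);
    }
}
```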