-
1. Re: How to Forward to a Particular Page if Login is of a Par
kenlohwh Jul 28, 2005 3:26 PM (in response to kenlohwh)Is there anybody who could help me with the question that I've asked ?
As no answer has been forthcoming, I guess it might be that my question is ambiguous. Therefore, I'll try again to be more specific.
Conventionally, using j_security_check under JBossSX, if a user fails to login, he will be redirected to a login error page specified in web.xml's <form-error-page> tag.
How do I while maintaining the usual login error page, redirect users with a specific role, to another page upon login?
Thanks,
Ken -
2. Re: How to Forward to a Particular Page if Login is of a Par
starksm64 Jul 30, 2005 10:55 AM (in response to kenlohwh)Try making the form-error-page a servlet that does the forwarding.
-
3. Re: How to Forward to a Particular Page if Login is of a Par
kenlohwh Jul 31, 2005 1:13 PM (in response to kenlohwh)Thanks Scott for your answer. However, some questions:
Redirecting from a servlet as you have suggested, would required me to obtain the Principal (to make decision whether to redirect etc.). If my understanding is correct, the servlet (ie. the form-error-page) must be not be protected. However, I've tried getPrincipal in a servlet of an unprotected url-pattern before and all I got was null.
Any further advice would be very much appreciated."scott.stark@jboss.org" wrote:
Try making the form-error-page a servlet that does the forwarding. -
4. Re: How to Forward to a Particular Page if Login is of a Par
starksm64 Aug 3, 2005 12:27 PM (in response to kenlohwh)An error-page certainly should not have any principal since authentication failed. Get it from the session:
http://wiki.jboss.org/wiki/Wiki.jsp?page=CustomizingSecurityUsingValves -
5. Re: How to Forward to a Particular Page if Login is of a Par
kenlohwh Aug 3, 2005 4:53 PM (in response to kenlohwh)Thanks Scott for your answer.
I tried my best to follow faithfully to your suggestion. However, I keep stumbling into "HTTP Status 403 - Access to the requested resource has been denied" error.
Since I'm using Struts, I forward (and even tried redirect) from an Action class which is invoked by the form-error-page path as suggested. When total failed login (i.e. no role at all), the class forward corrected to a page I want.
However, when there is a role and in which I want to forward to a particular page (namely a role called "pending" which the user is to be shown a page asking him to click on an url in a email sent to his email account), the 403 error crops up without fail.
Any help would be more than appreciated. -
6. Re: How to Forward to a Particular Page if Login is of a Par
kenlohwh Aug 3, 2005 5:34 PM (in response to kenlohwh)Something I'd like to add after continuing debugging since my last post:
In debug mode, I realized that j_security_check actually did not take it to the form-error-page's path (I've set a break point in the Action class that handles the path, but nothing happens). Therefore, I conclude that the login surprising passes a user without a sufficient role. However, once it discovers this, it gives error 403.
One thing doesn't change though. I'm still in dire strait whichever way. Therefore, any small help will be more than appreciated, still. -
7. Re: How to Forward to a Particular Page if Login is of a Par
kenlohwh Aug 6, 2005 2:23 PM (in response to kenlohwh)As the clock is ticking and no further answer is visible at the horizon, I decided to drop the redirection/reforward idea at <form-error-page> and experiment with having an <error page> element for this as shown below:
<error-page> <error-code>403</error-code> <location>/showLogonErrors.do</location> </error-page>
Just for information to anyone who might stumble upon similar problem.
Cheers