3 Replies Latest reply on May 7, 2004 11:02 AM by mwallner

    Form-based Login question

    mwallner Newbie

      Hi!

      I am using form-based login with j_security_check. After the user has logged in, some initalization is done (values are set into the session variable, etc).

      If a non-authenticated user requests a protected resource, he is redirected to the form-based login page (that's fine), but then redirected *directly* to the protected resource. So he can skip the initalization. I know that this is the proper behaviour, but when the initalization has not been performed, problems arise inside my web application (because values in the session are missing).

      Is there a way to tell j_security_check to, after successful login, first redirect to the initalization servlet and THEN to the requested protected resource?

      I am using jboss-3.2.3.

      Thanks,
      - Markus

        • 1. Re: Form-based Login question
          anis Newbie

          I think agood way to do this ist to use a Filter, which would check if the initiatialization has been done . If yes redirect to the init-servlet, else call the protected source

          See http://java.sun.com/webservices/docs/1.3/tutorial/doc/Servlets8.html#wp64572

          • 2. Re: Form-based Login question
            anis Newbie

            Hi, Here is an example:

            import java.io.IOException;
            
            import javax.servlet.*;
            import javax.servlet.http.*;
            
            
            public class InitFilter implements Filter {
            
            private FilterConfig config;
            
            /**Init.
             * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
             */
            public void init(FilterConfig config) throws ServletException {
             this.config = config;
            }
            
            /**@see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
             * javax.servlet.ServletResponse, javax.servlet.FilterChain)
             */
            public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
            
             HttpServletRequest req = (HttpServletRequest) request;
             HttpServletResponse resp = (HttpServletResponse) response;
             if(this.isInitialized())
             chain.doFilter(request, response);
             else
             resp.sendRedirect(resp.encodeRedirectURL(req.getContextPath() + "/initServlet"));
            
            }
            
            private boolean isInitialized(HttpServletRequest requets){
             //check
            return result;
            }
            


            Maybe you won´t need the initSevlet anymore, just start the initialization from the filter

            Hope could help

            ciao
            anis

            • 3. Re: Form-based Login question
              mwallner Newbie

              Thanks a lot!
              - Markus