Patch to support pass-through parameters
Brought to you by:
chris_schultz,
maxcooper
Menu
▾
▴
I needed this feature, so I built it.
It allows you to include a "forward" parameter to the form authenticator that indicates where the request should be sent after the login has been completed.
You can also specify if you want the user to be redirected (the default) or forwarded to the "forward" page.
The avantage to using "forward" is that the target URL will get all of the parameters sent along with the login (this allows you to do things like have a login form on a page that also submits some extra information intended for a protected page).
Enjoy!
-chris
Here's the patch:
diff -u -r1.11 FormAuthenticator.java
--- src/share/org/securityfilter/authenticator/FormAuthenticator.java 22 Feb 2005 11:02:16 -0000 1.11
+++ src/share/org/securityfilter/authenticator/FormAuthenticator.java 3 Aug 2006 20:01:08 -0000
@@ -75,7 +75,12 @@
public class FormAuthenticator implements Authenticator {
public static final String LOGIN_SUBMIT_PATTERN_KEY = "loginSubmitPattern";
+ public static final String FORWARD_PARAMETER_KEY = "forwardParameter";
+ public static final String FORWARD_METHOD_PARAMETER_KEY = "forwardMethodParameter";
public static final String DEFAULT_LOGIN_SUBMIT_PATTERN = "/j_security_check";
+ public static final String DEFAULT_FORWARD_PARAMETER_NAME = "forward";
+ public static final String DEFAULT_FORWARD_METHOD_PARAMETER_NAME = "forward-method";
+
protected String loginSubmitPattern;
protected static final String FORM_USERNAME = "j_username";
@@ -93,6 +98,9 @@
protected SecurityRealmInterface realm;
+ protected String forwardParameterName;
+ protected String forwardMethodParameterName;
+
/**
* Initilize this Authenticator.
*
@@ -109,6 +117,16 @@
loginSubmitPattern = DEFAULT_LOGIN_SUBMIT_PATTERN;
}
+ // "forward" parameter
+ forwardParameterName = filterConfig.getInitParameter(FORWARD_PARAMETER_KEY);
+ if(null == forwardParameterName)
+ forwardParameterName = DEFAULT_FORWARD_PARAMETER_NAME;
+
+ // "forward-method" parameter name
+ forwardMethodParameterName = filterConfig.getInitParameter(FORWARD_METHOD_PARAMETER_KEY);
+ if(null == forwardMethodParameterName)
+ forwardMethodParameterName = DEFAULT_FORWARD_METHOD_PARAMETER_NAME;
+
// default page
defaultPage = securityConfig.getDefaultPage();
@@ -204,9 +222,18 @@
}
request.setUserPrincipal(principal);
- String continueToURL = getContinueToURL(request);
- // This is the url that the user was initially accessing before being prompted for login.
- response.sendRedirect(response.encodeRedirectURL(continueToURL));
+
+ // TODO: This should really be moved to another part
+ // TODO: of the library, as it has nothing to do with
+ // TODO: authentication. :(
+
+ Forward fwd = getForward(request);
+
+ if(fwd.redirect)
+ response.sendRedirect(response.encodeRedirectURL(fwd.uri));
+ else
+ request.getRequestDispatcher(fwd.uri).
+ forward(request, response);
} else {
// login failed - forward to error page
request.getRequestDispatcher(errorPage).forward(request, response);
@@ -324,6 +351,37 @@
}
return uri;
}
+
+ private static class Forward
+ {
+ String uri;
+ boolean redirect;
+
+ Forward(String uri, boolean redirect)
+ {
+ this.uri = uri;
+ this.redirect = redirect;
+ }
+ }
+
+ private Forward getForward(HttpServletRequest request)
+ {
+ String uri = request.getParameter(forwardParameterName);
+ boolean redirect ;
+
+ if(null != uri)
+ {
+ // Default to redirect
+ redirect = !"forward".equalsIgnoreCase(request.getParameter(forwardMethodParameterName));
+ }
+ else
+ {
+ uri = getContinueToURL(request);
+ redirect = true;
+ }
+
+ return new Forward(uri, redirect);
+ }
}
// ------------------------------------------------------------------------
This is a useful patch which I could also use. Many thanks to Chris for implementing and sharing this. How do I go about adding this patch ?
Thanks,
Marcel
After applying the patch, recompiling and testing, everything seemed to work great until I got the following exception which only seems to happen when a first time user to my application attempts to login, any ideas ? Are there limitation on the version of java which must be used to recompile ?
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
javax.servlet.ServletException: Error matching patterns
org.securityfilter.filter.SecurityFilter.doFilter(SecurityFilter.java:148)
root cause
javax.servlet.ServletException: org.apache.jasper.JasperException
javax.faces.webapp.FacesServlet.service(FacesServlet.java:152)
org.securityfilter.authenticator.FormAuthenticator.processLogin(FormAuthenticator.java:228)
org.securityfilter.filter.SecurityFilter.doFilter(SecurityFilter.java:138)
root cause
javax.faces.FacesException: org.apache.jasper.JasperException
org.apache.myfaces.context.servlet.ServletExternalContextImpl.dispatch(ServletExternalContextImpl.java:426)
org.apache.myfaces.application.jsp.JspViewHandlerImpl.renderView(JspViewHandlerImpl.java:234)
org.jenia.faces.template.handler.ViewHandler.renderView(ViewHandler.java:74)
org.apache.myfaces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:384)
javax.faces.webapp.FacesServlet.service(FacesServlet.java:138)
org.securityfilter.authenticator.FormAuthenticator.processLogin(FormAuthenticator.java:228)
org.securityfilter.filter.SecurityFilter.doFilter(SecurityFilter.java:138)
Thanks in advance for your help
Marcel
This patch has been applied to the trunk in CVS, so you don't have to worry about patching yourself if you don't want to. Note that there have been some changes. Please see the code for FormAuthenticator for details.