How to redirect to url after j_security_check login

Question

I use j_security_check to authenticate my Java EE web app.

I have 2 groups; user and admin. Both of these groups have a own folder in the weg pages; user has "/secure", admin has "/admin". After a person is authenticated with j_security_check I would like based on their group to redirected to their associated web folder. Now they just stay at the login page. The authenticating part of my app works fine, if I log in as an user I can access /secure but not /admin, and vice versa.

Is this possible and how? I coulden't find any information or a solution online.

Edit: Maybe some handy information for a solution, I also use JSF in my app. But I don't use any JSF to login. Login form is pure html with the j_security_check stuff.

Edit 2: The root file for my main web folder is the login page.

Answer 1

You can have a mere web Servlet which will handle a common secure /login path ( @WebServlet ) between your different roles and redirect to the page based on the current authenticated user's role. You can use the HttpRequest.isUserInRole() method and then redirect your user to the page you want ( HttpResponse.sendRedirect() )

Answer 2

For anyone wondering how I solved it, I forgot to specify the roles in the web.xml, like this:

<security-role>
    <role-name>admin</role-name>
</security-role>
<security-role>
    <role-name>skipper</role-name>
</security-role>

Thanks @Franck for taking his time to solve this problem trough chat!

Answer 3

How About: Create a redirect.jsp file with the next content:

<%response.sendRedirect(request.getContextPath() + "/redirect");%>

Then make the redirect.jsp to be the welcome-file in the web.xml :

<welcome-file-list>
    <welcome-file>redirect.jsp</welcome-file>
</welcome-file-list>

And the last step is to create the servlet which checks the role and redirects appropriately