
Login page redirection in Java and JavaScript

Ok, so I've got an interesting case of login page redirection going on.
My webservice has a login page (login.html) with some JavaScript to handle logging in and redirecting to a hardcoded 'default' page. The webservice is written in Java with a servlet filter handling redirection if a user is unauthenticated (so if a user tries to access domain/statistics without being logged in, they are directed to domain/login.html). The redirection from the protected services works: I can redirect to the login page and once a user is authenticated, redirect them to a default page. I am having issues, however, redirecting to the previous page.
I know this is usually handled with the argument document.referrer in the JavaScript, which I have tried, but due to Java's redirection with response.sendRedirect, the Referer header is not sent.

How can I get these two aspects to redirect to the previously called page? Is it something I need to add on the JavaScript side, the Java side, or both?

What I've done is to drop the original (redirected) URL into a hidden input field on the login form. The code that does the authentication should just check that parameter, and if it's not empty it can redirect after establishing the session.

You have to be careful doing this to prevent XSS attacks etc., but it's not that hard and it works just fine.

In my framework (Stripes), I can push the original URL (taken from the HttpServletRequest object, a combination of the servlet path, the "path info", and the query string) into a special holding box that will cause the framework to give it back to me on the next request as a parameter. Without that, the simple thing to do is add the URL as a parameter when you redirect. Just URL-encode the original attempted URL and tack it onto the redirect URL with some parameter name. Then, on your login page, you just check for it:

    <c:if test='${not empty param.attemptedUrl}'>
      <input type='hidden' name='attemptedUrl' value='${fn:escapeXml(param.attemptedUrl)}'>
    </c:if>

Then your login action will get that parameter too when the login form is submitted, and it can act on it as appropriate.
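As an added example (not code from the question or from the answer above), the login page's JavaScript can read the attemptedUrl parameter and accept it only when it is a path on the page's own origin, falling back to the default page otherwise. DEFAULT_PAGE, the function names and the example.test origin used to exercise it are assumptions; attemptedUrl and login.html are the names used in the post.

```javascript
// Added example: names below are assumptions except "attemptedUrl" and "login.html".
const DEFAULT_PAGE = "/index.html"; // hypothetical default landing page
const LOGIN_PAGE = "/login.html";

// What the redirecting filter appends to the login URL. In the Java filter the
// equivalent encoding step would be java.net.URLEncoder.encode(..., "UTF-8").
function loginUrlFor(pathAndQuery) {
  return LOGIN_PAGE + "?attemptedUrl=" + encodeURIComponent(pathAndQuery);
}

// Decide where to send the user after a successful login.
// search: the login page's query string, origin: the page's own origin.
function postLoginTarget(search, origin, fallback = DEFAULT_PAGE) {
  const raw = new URLSearchParams(search).get("attemptedUrl");
  if (!raw) return fallback;

  // Accept only server-relative paths. This rejects absolute URLs
  // (including javascript: and data:), scheme-relative "//host" forms,
  // and backslashes or control characters, which URL parsers normalise
  // in ways that can turn "/\host" or "/<tab>/host" into another origin.
  if (!raw.startsWith("/") || raw.startsWith("//")) return fallback;
  if (/[\\\u0000-\u001f]/.test(raw)) return fallback;

  let resolved;
  try {
    resolved = new URL(raw, origin);
  } catch {
    return fallback;
  }
  // Second check after parsing: the result must still be on our origin.
  if (resolved.origin !== origin) return fallback;
  // Do not bounce the user straight back to the login page.
  if (resolved.pathname === LOGIN_PAGE) return fallback;

  return resolved.pathname + resolved.search + resolved.hash;
}

// In the browser, after the login request succeeds:
if (typeof window !== "undefined") {
  window.goAfterLogin = () =>
    window.location.assign(
      postLoginTarget(window.location.search, window.location.origin)
    );
}
```

The server-side login action should apply the same check before calling sendRedirect, because the hidden form field is under the client's control.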

Send Redirect will ask the client to repeat the request to the resource you choose. Have you thought of Spring Security? With minimal configuration you can achieve this quite easily.

Take a look at this:

http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.
