[ajug-members] intercept / resume site flow
rkischuk at gttx.org
Fri Feb 18 11:09:51 EST 2005
A good solution to this problem is built into the servlet container -
container managed security. You declare in your web.xml what resources
you want to require a login for, configure the login method (FORM is
best for most apps), and tell your app server where to find the
When the user tries to access a protected resource, the container steps
in, requires a login, and upon successful login sends them to whatever
resource they were trying to access. I have a sample app and
presentation slides here: http://kischuk.com/devcon/
If your security needs are complex and you are using Spring, I have
heard good things about Acegi Security:
http://acegisecurity.sourceforge.net/, but in this particular case, it
sounds like that would be overkill.
Akilas Yemane wrote:
>Hello fellow members,
>I was hoping you might know a pattern or framework that addresses the
>problem below. I apologize in advance for the verbose scenario.
>The scenario is a simple 'petstore' web app using the Spring Framework.
>1. User clicks add product to cart and proceeds to checkout.
>2. Upon clicking [checkout], an interceptor checks user login status,
>and redirects to login page.
>3. User enters user/pass, and clicks submit. The login controller
>completes its task, then forwards to the 'success view' which is the
>user home/profile page.
>And that's a problem...
>Under normal login this works fine. You want the user to go to the home page.
>But in this case, the user was in the middle of a checkout... and was
>intercepted & redirected. So they ought to be able to resume their
>checkout after the login.
>Frameworks like Struts, Spring and WebWork enable you to make site
>flow decisions by defining a 'success view' or 'failure view' for each
>but these frameworks don't have a ready-made way of making site flow
>decisions based on where the user came from.
>My solution was this:
>When the interceptor intercepts the request, it adds a 'nextAction'
>parameter to it, then forwards to the login page. The login page,
>after completing its job, would forward to this nextAction page
>parameter (if found).
>So far this works, but now I'm seeing more and more scenarios that
>require the need to intercept a request, and resume again.
>Are there any frameworks or patterns that address this issue?