Author: remy.maucherat(a)jboss.com
Date: 2010-11-25 06:24:57 -0500 (Thu, 25 Nov 2010)
New Revision: 1591
Modified:
trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
trunk/webapps/docs/changelog.xml
Log:
- Allow a landing page for FORM.
Modified: trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java
===================================================================
--- trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java 2010-11-25
11:20:52 UTC (rev 1590)
+++ trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java 2010-11-25
11:24:57 UTC (rev 1591)
@@ -73,7 +73,14 @@
*/
protected String characterEncoding = null;
+ /**
+ * Landing page to use if a user tries to access the login page directly or
+ * if the session times out during login. If not set, error responses will
+ * be sent instead.
+ */
+ protected String landingPage = null;
+
// ------------------------------------------------------------- Properties
@@ -103,6 +110,22 @@
}
+ /**
+ * Return the landing page to use when FORM auth is mis-used.
+ */
+ public String getLandingPage() {
+ return landingPage;
+ }
+
+
+ /**
+ * Set the landing page to use when the FORM auth is mis-used.
+ */
+ public void setLandingPage(String landingPage) {
+ this.landingPage = landingPage;
+ }
+
+
// --------------------------------------------------------- Public Methods
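Review bot: The Javadoc on `setLandingPage` does not say what form the value must take, yet the later hunks build the redirect target as `request.getContextPath() + landingPage`. A value without a leading `/`, or an absolute URL, would produce a malformed or off-context target, most visibly when the context path is empty. I would document it as `@param landingPage context-relative path starting with "/", or null to keep sending error responses`, and consider rejecting values that do not start with `/` in the setter. The value appears to come from configuration rather than from the request, so this is hardening rather than a flaw shown to be reachable here.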
@@ -269,8 +292,19 @@
if (containerLog.isDebugEnabled())
containerLog.debug
("User took so long to log on the session expired");
- response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT,
- sm.getString("authenticator.sessionExpired"));
+ if (landingPage == null) {
+ response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT,
+ sm.getString("authenticator.sessionExpired"));
+ } else {
+ // Make the authenticator think the user originally requested
+ // the landing page
+ String uri = request.getContextPath() + landingPage;
+ SavedRequest saved = new SavedRequest();
+ saved.setRequestURI(uri);
+ request.getSessionInternal(true).setNote(
+ Constants.FORM_REQUEST_NOTE, saved);
+ response.sendRedirect(response.encodeRedirectURL(uri));
+ }
return (false);
}
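Review bot: The `SavedRequest` created in the `else` branch has only its request URI set, so its method and any other fields keep whatever defaults the class gives them. `SavedRequest` is not shown on this page, but if the restore path copies `saved.getMethod()` back onto the request, a null method could reach the landing-page request; adding `saved.setMethod("GET");` after `setRequestURI(uri)` would make the intent explicit. The same block is repeated in the `@@ -287,8 +321,18 @@` hunk (there with `session.setNote`), so the point applies to both and the pair is a candidate for one private helper. The enclosing method begins and ends outside this hunk.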
@@ -287,8 +321,18 @@
if (log.isDebugEnabled())
log.debug("Redirecting to original '" + requestURI +
"'");
if (requestURI == null)
- response.sendError(HttpServletResponse.SC_BAD_REQUEST,
- sm.getString("authenticator.formlogin"));
+ if (landingPage == null) {
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST,
+ sm.getString("authenticator.formlogin"));
+ } else {
+ // Make the authenticator think the user originally requested
+ // the landing page
+ String uri = request.getContextPath() + landingPage;
+ SavedRequest saved = new SavedRequest();
+ saved.setRequestURI(uri);
+ session.setNote(Constants.FORM_REQUEST_NOTE, saved);
+ response.sendRedirect(response.encodeRedirectURL(uri));
+ }
else
response.sendRedirect(response.encodeRedirectURL(requestURI));
return (false);
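Review bot: The added inner `if (landingPage == null) { … } else { … }` hangs off an unbraced `if (requestURI == null)`, and the trailing `else` binds to that outer `if` only because the inner statement already carries its own `else`. That is correct as written, but it is easy to break with a later edit, and this is the post-login redirect path. I would brace the outer statement: `if (requestURI == null) {` … `} else {` … `}`. The enclosing method starts and ends outside this hunk.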
Modified: trunk/webapps/docs/changelog.xml
===================================================================
--- trunk/webapps/docs/changelog.xml 2010-11-25 11:20:52 UTC (rev 1590)
+++ trunk/webapps/docs/changelog.xml 2010-11-25 11:24:57 UTC (rev 1591)
@@ -35,6 +35,9 @@
<bug>49991</bug>: Actually call Request listener when entering and
exiting the application scope, not simply just before
calling the filter chain. (remm)
</fix>
+ <fix>
+ Allow a landing page for FORM. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">