Hello, I'm writing an application using jboss-tomcat+struts. I've enabled form-based-authentication
I need to set some objects in every user session after the user logs in to the application. The problem is that when user logs in with this authentication type, the server forwards to the resource the user has originally requested. I want to redirect to a specific resource.
I've solved this by checking the existence of some object in the user session in the execute method of a base action, but this executes on every request.
Is there a way to follow control to a specific resource?
Filter is the right place to do things like this one.
You may also want to google for "SecurityFilter".
ok, but wouldn't this filter execute on every request?
The very concept of security constraints implies on the existence of a SecurityFilter somewhere (implemented by the container itself). This means that, indeed, in every request the container will match your roles with those assigned to the URL - this small test you will make on your own filter will have no impact on the whole game.
Another approach is to find out where your container "hides" the URL originally requested (keeping the URL is the standard behaviour, but *where* to keep it is up to each container). Some containers keep it in a cookie, others in session variables, and so on; just override the original value - of course, this will not be portable.