Jun 16th, 2009, 02:27 AM
Any way to determine which link was clicked on before redirecting to login page?
On my profile page, I have several buttons that take you to pages that require a login:
The "Edit Profile" button, "Visually Edit Relationships" button and sign in link require you to login. Well the sign in link could just go to the login page...
This works fine, if you click any of those buttons/links you'll be taken to the login page and after logging in you'll be taken to the proper destination as per Spring Security's mechanism. But what I would really like is to be able to tell which button or link was clicked on so that I could show a message in the login page such as "You must be a member to edit a profile".
Is there a way to do this? Checking the referer header on the login page only shows http://www.appletree.com/Scott_Allen_Mueller_1. That doesn't tell me which button was clicked. I can't add a parameter to a button like http://www.appletree.com/edit/Scott_...ck=edit_button because that disappears when redirecting to the login page.
Is there a way to read what the destination page will be after logging in from the login page?
Jun 20th, 2009, 01:37 AM
Ok, on another thread talking about redirecting to a specific destination URL after login, Luke Taylor said we can add a hidden http parameter called "spring-security-redirect" to go to a specific URL.
So what I can do is instead of linking to a protected resource which will redirect to the login page, change that to link directly to the login page if the person is not logged in. Add an http parameter like target=/protected/example. In your login page, check for that parameter and set the spring-security-redirect parameter to it. Now you know the destination URL and origin webpage (through the Referer http header) so you can output an appropriate message to the user.
The above is basically rewriting the nice JEE and Spring login mechanism and I'd definitely like to avoid it. Again, is there any way to read the destination URL from a login page? This would solve the problem elegantly as you can compare Referer with destination URL and provide very nice messages instructing the user why they need to login for this function. On the other hand, the above mechanism allows different messages for different links/buttons that are on the same page and send you to the same destination URL. Also, of limited value, the above method allows a user to enter the login page in 2 different browser windows and still end up at the right destination URL on both.
Tags for this Thread