I'm developing a web application with GlassFish 3.1 and JSF 2.0 / EJB 3.1. Some of my pages are secured. The secured URL-Parts are defined in the web.xml as URL-patterns. These pages are secured through a security-realm which redirects to a login page also defined in the web.xml as login.xhtml. On the login.xhtml my inputfields for username and password are connected to a session scoped backing bean which executes:
ExternalContext ec = getExternalContext();
HttpServletRequest request = getHttpServletRequest(ec);
request.login(username, password);
The EJB container is responsible for redirecting all incoming requests to secured areas with an invalid session to this page.
But, for example the user is bookmarking the page index.xhtml and was requesting this page. First he has to login over login.xhtml. He authenticates himself by typing his username+password and clicking the submit button.
The problem is: How to determine the target adress, in this case index.html?
The method request.getRequestURI() shows login.xhtml and not index.html. I can redirect always to index.xhtml, but what if the user has typed in xyz.xhtml? Is there any way?
Thanks
Adem
The original request information are stored in the request object with the following keys:
"javax.servlet.forward.request_uri"
"javax.servlet.forward.query_string"