Details
-
Improvement
-
Status: Closed
-
Minor
-
Resolution: Not A Problem
-
1.0.1
-
None
-
None
Description
Situation
DeltaSpike combined with PicketLink for security handling (users and roles). Custom AccessdecisionVoter to check, whether the user is allowed to access a page (by Secured Annotation in ViewConfig).
DS-Security intercept access to this page and redirects to the login. After the login it would be nice to redirect the user to the initially requested page.
Generally this problem is independend of the used security framework, in this case though PicketLink is used.
Reference to mailing list: http://mail-archives.apache.org/mod_mbox/deltaspike-users/201407.mbox/%3C006601cfa1ad$8fa14a00$aee3de00$@gaulke.net%3E
Idea for the solution
Make requested page avaiable in AccessDecisionVoterContext and let the app handle the redirect after login. I think this could be done in SecurityUtils.
Example
Attached you will find a minimal JSF/DS/PL application which uses a in memory database. Start the application in JBOSS Wildfly and access it.
You can now click on "Admin Area" in the main-menu and DS will redirect you to the login form. After login a LoggedIn Event by PL is fired.
A redirect to the requested page is desired.
Attachments
Issue Links
- relates to
-
DELTASPIKE-677 document ds-security in combination with picketlink
-
- Closed
-