Java EE 6 security and redirection

Question

I have a Java EE 6 web application running on JBoss 7.1.1 that has some pages that require authentication and many that do not. For the authenticated pages, I am using Servlet 3.0 Programmatic Security as described in this previous post.

In my web.xml, I have the following entry

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login</form-login-page>
    <form-error-page>/loginError</form-error-page>
  </form-login-config>
</login-config>

and in my Login class, I have a method annotated with @PostConstruct where the page requested is captured: String previousURL = (String) FacesContext.getCurrentInstance().getExternalContext().getRequestMap().get(RequestDispatcher.FORWARD_QUERY_STRING)

However, it evaluates to the /login page itself rather than the page the user requested and was then forwarded to by JBoss because of the login-config settings in web.xml. As a result, when I forward to previousURL, it merely takes me back to the login page, rather than the page the user clicked on initially. What am I doing wrong?

Answer 1

You're trying to retrieve the wrong attribute. What you're supposed to be trying to retrieve is the RequestDispatcher.FORWARD_REQUEST_URI which is an actual URI. What you're currently trying to retrieve is the query string (basically anything after the actual URL; the ?param=1 etc) following the requested url