Custom mechanism to set original URL in login()

[tazmaniax]

I have pages that can be accessed by the user if they are logged in or not and if they explicitly login from a page they should be returned to that page. For this to work I'd like the originalUrl to be set to the HTTP refrerer header at the beginning of the login method so the user is returned back to that page and not to ROOT on success. It would be nice if there was a mechanism to specifically customise the initialisation of originalUrl for login(), perhaps a call back to the UserService at the beginning. Does this sound reasonable or is there a simpler approach that I've missed. Thx, Chris

[jaliss]

Chris,

There is some code to save the original url and redirect the user back to it after login. The SecureSocial.checkAccess() method saves it. It does it for GET requests, for POST requests it just redirects to /. Do you see it fail for GET requests?

Jorge

[tazmaniax]

Hi Jorge,

Sorry I should have mentioned that I'm still using a customised secure module at the moment but I would like to move to using SecureSocial, however from looking at the source the same issue exists in both for this use case. I have a login link in my app that is available on pages that can be viewed by both signed-in and unsigned-in users and as a result the class is not annotated with "@with(...)". When selected the login link calls the login() controller method to render the login page but checkAccess() method is not called so the originalUrl is not defined and in this case I would like the originalUrl to be set to the referer header when the originalUrl is not already defined, e.g.

/**

• The action for the login page.
  */
  public static void login() {
  final Collection providers = ProviderRegistry.all();
  String originalURL = flash.get(ORIGINAL_URL);
  if (originalURL == null) {
  Http.Header refererHeader = request.headers.get("referer");
  if (refererHeader != null && refererHeader.values.size() > 0) {
  flash.put(ORIGINAL_URL, refererHeader.values.get(0));
  }
  } else {
  flash.keep(ORIGINAL_URL);
  }
  boolean userPassEnabled = ProviderRegistry.get(ProviderType.userpass) != null;
  render(providers, userPassEnabled);
  }

This is obviously a customisation that not everyone wants so I was looking for a mechanism to add optionally add this.

Chris

[jaliss]

Are you pointing to the login page from the public pages?

[tazmaniax]

Yes I have a login link in the top right of my pages. This link changes to logout after a user has authenticated and points to the logout page. Similar to the login when the user selects logout they are returned to the same page, but with less content. I forked SecureSocial and added two callback methods to UserService, onLogin and onLogout. The idea would be that onLogin could set the originalUrl to the referrer if originalUrl was not already set and onLogout could set the redirectTo to the referrer to display the page prior to selecting logout. Implementing the callbacks would allow my app to customise the authentication process without impacting too much on the framework itself and affecting other users of the module. Thoughts?

[jaliss]

You can use securesocial.login.redirect=MyController.myAction in application.conf to specify the page you'd like to user to be redirected after log in if no originalURL was detected.

[cndreiter]

I cannot find the checkAccess method in the code. Has it been removed? Otherwise, please tell me the file in which it lives.

Thanks