ESAPIFilter in RI should allow login page destination to be configured

[GoogleCodeExporter]

Rather than force uses of the RI to have their login page be located at
/WEB-INF/login.jsp we should allow configuration of where the users should
be forwarded in the event that a forward or redirect needs to occur to log
the user in. 

We should be able to add a line to the ESAPI.properties file which allows
the user to specify where login requests should be sent. 

Original issue reported on code.google.com by chrisisbeef on 24 Jul 2009 at 7:50

[GoogleCodeExporter]

Actually, I think the loginPage should be passed in from the web.xml entry for 
the
filter as opposed to in the properties file, as the ESAPI jar may be shared 
across
multiple web applications but they have their own login pages where anonymous 
users
should be sent. 

Patch for trunk is attached.

Original comment by chrisisbeef on 25 Jul 2009 at 12:01

Attachments:

• Issue_20.patch

[GoogleCodeExporter]

Scheduling this for ESAPI 2.1

Original comment by chrisisbeef on 6 Nov 2009 at 8:51

• Added labels: Milestone-Release2.1, OpSys-All

[GoogleCodeExporter]

Original comment by manico.james@gmail.com on 25 Jan 2010 at 10:17

• Added labels: Configuration
• Removed labels: OpSys-All, Usability

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

Agree with Chris' #1 comment; this should use an init parameter (let's call it 
"loginPage") passed in from any relevant ESAPI servlet filter so it can be 
specified in the web.xml as part of the JavaEE filter configuration.

Original comment by kevin.w.wall@gmail.com on 23 Sep 2014 at 1:43

• Added labels: FirstBug