Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

Java

Posted by Ricardo Sala
Ricardo Sala
16,212 Points

User is asked for password to get to a url, how could the web "remember" the url he was requesting?

I have a blog in Spark and Java (it is part of the techdegree but applies to a lot of situations!)

The user wants to go to the url where he can edit a post --> GET(url of the post edit)

In order to avoid a user to modify a post that it's not his post, I ask for a password with a before filter for that url

if the password is ok, how can i redirect the user to the destiny he wanted to go? How can I "remember" that url?

Right now I am passing the "aimed" url vía the slug, creating urls of the type:

"/entries/:slug/log-in"

That is: one url for log-in for each entry. That's awful.

Is there a better way? (for sure.. :) )

Now in code (it is not everything, just the parts that matter)

    before("/entries/:slug/edit", (request, response) -> {
        String password = request.attribute("password");
        if (password == null || !password.equals(blog.getPassword())) {
            String slug = request.params("slug");
            response.redirect("/entries/" + slug + "/log-in");
            halt();
        }
    });



    get("/entries/:slug/edit", (request, response) -> {
        Map<String, Object> model = new HashMap<>();
        model.put("entry", blog.findBySlug(request.params("slug")));
        return new ModelAndView(model, "edit");
    }, new ThymeleafTemplateEngine());


    get("/entries/:slug/log-in", (request, response) -> {
        String slug = request.params("slug");
        Map<String, Object> model = new HashMap<>();
        model.put("entry", blog.findBySlug(slug));
        return new ModelAndView(model, "password");
    }, new ThymeleafTemplateEngine());

    post("/entries/:slug/log-in", (request, response) -> {
        String slug = request.params("slug");
        response.cookie("password", request.queryParams("password"));
        Map<String, Object> model = new HashMap<>();
        model.put("entry", blog.findBySlug(slug));
        response.redirect("/entries/" + request.params("slug") + "/edit");
        return null;
    });

1 Answer

Samuel Ferree
Samuel Ferree
31,723 Points
Samuel Ferree
Samuel Ferree
31,723 Points

There are several ways, but how I would do it, since you appear to be rendering pages instead of returning json data, is have the log-in page take an option parameter (initial entry), which gets rendered into the log in form as a hidden field, then your log in action can check if initial entry is not null, and redirect to that, instead of "home"

Blog7 -> No auth -> Log in with Blog7 as hidden field 'initial entry' -> Log in successful, 'initial entry' not null -> redirect to Blog7