Pass the originally requested URL as request parameter on the redirect to the login page.
String from = request.getRequestURI();
if (request.getQueryString() != null) {
from += "?" + request.getQueryString();
}
response.sendRedirect("login.jsp?from=" + URLEncoder.encode(from, "UTF-8"));
In login.jsp
, pass it to the login form submit target as a hidden input field.
<input type="hidden" name="from" value="${fn:escapeXml(param.from)}" />
(note: fn:escapeXml()
prevents you from XSS when redisplaying user-controlled data in HTML)
In the login action, check if it is there and then handle accordingly.
String from = request.getParameter("from");
if (from != null && !from.isEmpty()) {
response.sendRedirect(from);
} else {
response.sendRedirect("home.jsp");
}