=== added file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/DefaultAuthenticationSuccessHandler.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/DefaultAuthenticationSuccessHandler.java	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/DefaultAuthenticationSuccessHandler.java	2011-03-29 21:28:45 +0000
@@ -0,0 +1,63 @@
+package org.hisp.dhis.security;
+
+/*
+ * Copyright (c) 2004-2010, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright notice, this
+ *   list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ *   this list of conditions and the following disclaimer in the documentation
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the HISP project nor the names of its contributors may
+ *   be used to endorse or promote products derived from this software without
+ *   specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.hisp.dhis.security.intercept.LoginInterceptor;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
+
+/**
+ * Since ActionContext is not available at this point, we set a mark in the
+ * session that signales that login has just occured, and that LoginInterceptor
+ * should be run.
+ * 
+ * @author mortenoh
+ */
+public class DefaultAuthenticationSuccessHandler
+    extends SavedRequestAwareAuthenticationSuccessHandler
+{
+    private static final Log log = LogFactory.getLog( DefaultAuthenticationSuccessHandler.class );
+
+    @Override
+    public void onAuthenticationSuccess( HttpServletRequest request, HttpServletResponse response,
+        Authentication authentication )
+        throws ServletException, IOException
+    {
+        request.getSession().setAttribute( LoginInterceptor.JLI_SESSION_VARIABLE, Boolean.TRUE );
+
+        super.onAuthenticationSuccess( request, response, authentication );
+    }
+}

=== renamed file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/action/LoggedInAction.java' => 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/action/RestrictOrganisationUnitsAction.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/action/LoggedInAction.java	2010-04-12 21:23:33 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/action/RestrictOrganisationUnitsAction.java	2011-03-29 21:28:45 +0000
@@ -41,7 +41,7 @@
  * @author Torgeir Lorange Ostby
  * @version $Id: LoggedInAction.java 5649 2008-09-05 20:07:34Z larshelg $
  */
-public class LoggedInAction
+public class RestrictOrganisationUnitsAction
     implements Action
 {
     // -------------------------------------------------------------------------

=== added file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/intercept/LoginInterceptor.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/intercept/LoginInterceptor.java	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/intercept/LoginInterceptor.java	2011-03-29 21:28:45 +0000
@@ -0,0 +1,96 @@
+package org.hisp.dhis.security.intercept;
+
+/*
+ * Copyright (c) 2004-2010, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright notice, this
+ *   list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ *   this list of conditions and the following disclaimer in the documentation
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the HISP project nor the names of its contributors may
+ *   be used to endorse or promote products derived from this software without
+ *   specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.struts2.ServletActionContext;
+
+import com.opensymphony.xwork2.Action;
+import com.opensymphony.xwork2.ActionInvocation;
+import com.opensymphony.xwork2.interceptor.Interceptor;
+
+/**
+ * Interceptor that will run a list of actions when the user first logins.
+ * 
+ * @author mortenoh
+ */
+public class LoginInterceptor
+    implements Interceptor
+{
+    private static final long serialVersionUID = -5376334780350610573L;
+
+    private static final Log log = LogFactory.getLog( LoginInterceptor.class );
+
+    public static final String JLI_SESSION_VARIABLE = "JLI";
+
+    private List<Action> actions = new ArrayList<Action>();
+
+    /**
+     * @param actions List of actions to run on login.
+     */
+    public void setActions( List<Action> actions )
+    {
+        this.actions = actions;
+    }
+
+    @Override
+    public String intercept( ActionInvocation invocation )
+        throws Exception
+    {
+        Boolean jli = (Boolean) ServletActionContext.getRequest().getSession()
+            .getAttribute( LoginInterceptor.JLI_SESSION_VARIABLE );
+
+        if ( jli != null )
+        {
+            log.info( "JLI marker is present. Running " + actions.size() + " JLI actions." );
+
+            for ( Action a : actions )
+            {
+                a.execute();
+            }
+
+            ServletActionContext.getRequest().getSession().removeAttribute( LoginInterceptor.JLI_SESSION_VARIABLE );
+        }
+
+        return invocation.invoke();
+    }
+
+    @Override
+    public void destroy()
+    {
+    }
+
+    @Override
+    public void init()
+    {
+    }
+}

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml'
--- dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml	2011-03-23 19:21:50 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml	2011-03-29 21:28:45 +0000
@@ -7,9 +7,9 @@
   <sec:global-method-security jsr250-annotations="disabled" pre-post-annotations="disabled" secured-annotations="disabled" />
 
   <sec:http access-decision-manager-ref="accessDecisionManager" use-expressions="true" realm="DHIS2">
-    <sec:form-login default-target-url="/dhis-web-commons-security/loggedIn.action" always-use-default-target="true"
+    <sec:form-login default-target-url="/" always-use-default-target="false"
       login-processing-url="/dhis-web-commons-security/login.action" authentication-failure-url="/dhis-web-commons/security/loginfailed.html"
-      login-page="/dhis-web-commons/security/login.html" />
+      login-page="/dhis-web-commons/security/login.html" authentication-success-handler-ref="defaultAuthenticationSuccessHandler"/>
     <sec:http-basic />
     <sec:logout logout-url="/dhis-web-commons-security/logout.action" />
 
@@ -25,8 +25,10 @@
     <sec:custom-filter ref="automaticAccessFilter" before="LOGOUT_FILTER" />
   </sec:http>
 
+  <bean id="defaultAuthenticationSuccessHandler" class="org.hisp.dhis.security.DefaultAuthenticationSuccessHandler" />
+
   <!-- Security : Action -->
-  <bean id="org.hisp.dhis.security.action.LoggedInAction" class="org.hisp.dhis.security.action.LoggedInAction" scope="prototype">
+  <bean id="restrictOrganisationUnitsAction" class="org.hisp.dhis.security.action.RestrictOrganisationUnitsAction" scope="prototype">
     <property name="currentUserService" ref="org.hisp.dhis.user.CurrentUserService" />
     <property name="selectionManager" ref="org.hisp.dhis.ouwt.manager.OrganisationUnitSelectionManager" />
     <property name="selectionTreeManager" ref="org.hisp.dhis.oust.manager.SelectionTreeManager" />
@@ -130,6 +132,14 @@
 
   <!-- Security : Interceptor -->
 
+  <bean id="loginInterceptor" class="org.hisp.dhis.security.intercept.LoginInterceptor">
+  	<property name="actions">
+  		<list>
+  			<ref bean="restrictOrganisationUnitsAction" />
+  		</list>
+  	</property>
+  </bean>
+  
   <bean id="org.hisp.dhis.security.intercept.XWorkSecurityInterceptor" class="org.hisp.dhis.security.intercept.XWorkSecurityInterceptor">
     <property name="accessDecisionManager" ref="accessDecisionManager" />
     <property name="authenticationManager" ref="authenticationManager" />

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/dhis-web-commons.xml'
--- dhis-2/dhis-web/dhis-web-commons/src/main/resources/dhis-web-commons.xml	2011-01-31 08:47:19 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/dhis-web-commons.xml	2011-03-29 21:28:45 +0000
@@ -73,6 +73,7 @@
 				class="org.hisp.dhis.security.intercept.XWorkSecurityInterceptor" />
 			<interceptor name="postHttpMethodInterceptor"
 				class="org.hisp.dhis.security.intercept.HttpMethodInterceptor" />
+			<interceptor name="loginInterceptor" class="loginInterceptor" />
 
 			<interceptor-stack name="commonInterceptors">
 				<interceptor-ref name="staticParams" />
@@ -84,6 +85,7 @@
 					the access denied error pages can use internationalisation.
 				-->
 				<interceptor-ref name="securityInterceptor" />
+				<interceptor-ref name="loginInterceptor" />
 				<interceptor-ref name="sortOrderInterceptor" />
 				<interceptor-ref name="displayPropertyInterceptor" />
 				<interceptor-ref name="systemSettingInterceptor" />
@@ -265,17 +267,6 @@
 
 	</package>
 
-	<!-- Security -->
-
-	<package name="dhis-web-commons-security" extends="dhis-web-commons"
-		namespace="/dhis-web-commons-security">
-
-		<action name="loggedIn" class="org.hisp.dhis.security.action.LoggedInAction">
-			<result name="success" type="redirect">/</result>
-		</action>
-
-	</package>
-
 	<!-- i18n -->
 
 	<package name="dhis-web-commons-i18n" extends="dhis-web-commons"