[gatein-issues] [JBoss JIRA] (GTNPORTAL-2230) Unauthorized access to Site Editor raises an unexpected JS error alert

Matt Wringe (Commented) (JIRA) jira-events at lists.jboss.org
Mon Oct 24 10:05:45 EDT 2011


    [ https://issues.jboss.org/browse/GTNPORTAL-2230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12636910#comment-12636910 ] 

Matt Wringe commented on GTNPORTAL-2230:
----------------------------------------

What AJAX actions exactly?
I have updated the patch to better handle this error situation. If you see any issues with the latest patch, please let me know.
                
> Unauthorized access to Site Editor raises an unexpected JS error alert
> ----------------------------------------------------------------------
>
>                 Key: GTNPORTAL-2230
>                 URL: https://issues.jboss.org/browse/GTNPORTAL-2230
>             Project: GateIn Portal
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>            Reporter: Matt Wringe
>            Assignee: Matt Wringe
>
> See JBEPP-1191
> Basically what is happening here:
> - we log out of the portal but still have a tab open where we can still click on links like 'edit page'.
> - IDs for web UI components are different between a logged-in user and an unauthenticated user
> - we click on 'edit page'
> - this causes an AJAX request to be created, but the component ID we get is for the unauthorized user (since the user already logged out).
> - when the page tries to update itself it can't find this component in the current document (the page we are on contains the authenticated user document)
> Currently, when this occurs, an alert is created (which isn't all that helpful as to what the actual error is) and then it gets stuck in an infinite loop. A timeout then occurs which reloads the page, bringing in the unauthenticated user document. Since we are now on the unauthenticated document, the component can be retrieved and the proper request can be completed.
> This error is a bit more broad than just what happens when a user logs in or out (for example, let's say a webui component is removed from the portal, the same result would occur). And it might not always be wise to just automatically reload the page if it can't find the component to update (it's not good if someone fills out a form and is no longer authenticated when they click submit, causing the contents of the post to be lost).
> The best solution here is to probably throw an error message saying it can't find the contents the AJAX request is trying to access and recommend refreshing the page.

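The handling proposed in the issue description (report the missing component and recommend a refresh, instead of alerting, looping and reloading), as an added sketch that is not GateIn's code or the patch mentioned above. The function `applyAjaxUpdate`, the `{ id, html }` block format, the component IDs and the document stub are all assumptions made for illustration.

```javascript
'use strict';
// Added example, not GateIn code. All names and IDs below are constructed.

// Apply server-sent update blocks ({ id, html }) to the current document.
// Every target is checked first, so a page rendered for a different session
// state is never half-updated. On a miss the function returns an error result
// once: no retry loop, and no automatic reload that would discard form input.
function applyAjaxUpdate(doc, blocks) {
  const missing = blocks
    .filter((b) => doc.getElementById(b.id) === null)
    .map((b) => b.id);
  if (missing.length > 0) {
    return {
      ok: false,
      missing,
      message:
        'The content this request tried to update is not on this page ' +
        '(your session may have ended). Please refresh the page.',
    };
  }
  for (const b of blocks) {
    doc.getElementById(b.id).innerHTML = b.html;
  }
  return { ok: true, missing: [], message: '' };
}

// Constructed stand-in for a browser document so the example runs offline.
function makeDocument(ids) {
  const nodes = new Map(ids.map((id) => [id, { id, innerHTML: '' }]));
  return { getElementById: (id) => nodes.get(id) || null };
}

function demo() {
  // Tab was rendered while logged in; the first response was generated after
  // logout and therefore carries a component ID for the anonymous user.
  const doc = makeDocument(['cmp-auth-toolbar', 'cmp-auth-editor']);
  const stale = applyAjaxUpdate(doc, [
    { id: 'cmp-auth-toolbar', html: '<b>changed</b>' },
    { id: 'cmp-anon-editor', html: '<form>login</form>' },
  ]);
  const toolbarAfterStale = doc.getElementById('cmp-auth-toolbar').innerHTML;
  const fresh = applyAjaxUpdate(doc, [
    { id: 'cmp-auth-toolbar', html: '<b>toolbar</b>' },
  ]);
  const toolbarAfterFresh = doc.getElementById('cmp-auth-toolbar').innerHTML;
  return { stale, fresh, toolbarAfterStale, toolbarAfterFresh };
}
```

The caller decides how to display `message`; the point is that the update path itself terminates and leaves the reload decision to the user.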