Retrieve wrong HttpSession after install LocalizationFilter
by Phuong Vu Viet
Steps to reproduce:
- Try to register new user : fill the form with all needed data
- Expect : Register successfully, but always show PopupMessage : Text
verification isn't correct
I've tried to debug and found that :
- in PortalController servlet and CaptchaServlet : i can retrieve the same
HttpSession from the HttpRequestWrapper (wrapped in LocalizationFilter)
- but in the CaptchaValidator : after call to
portalRequestContext.getRequest().getSession() , the HttpSession object is
difference with the one we retrieved in PortalController
Actually, in each request, ApplicationDispatcher doesn't wrap the
ServletFacade , it wrap the HttpRequestWrapper (RequestFacade has already
wrapped by LocalizationFilter), and the local variable crossContext is set
to true --> In portlet, when i call getSession(), the wrapper object
delegates the call to ApplicationHttpRequest, but this wrapper doesn't
delegate to RequestFacade's getSession() method but return the wrong
HttSession
13 years, 8 months
gatein sso component organization
by Sohil Shah
The main issue here is a cyclic dependency between the core 'portal' and
the 'agent' module of this component.
'agent' depends on the 'web/security' module of the core portal. It
relates to all portal authentication process once the sso system is done
processing the tokens with the underlying
sso infrastructure such as CAS, JOSSO, or Kerberos.
In a nutshell, I would think of it as an decoration of the core portal
authentication process, when users want sso functionality.
So options:
a/ move the 'agent' module into the core portal (not recommended since
its a plugin component. Not all users use the sso component)
b/ move some of the 'web security' stuff into a separate component
outside the core portal, may be even an existing component like WCI if
it makes sense. Then the sso agent can depend on this component just like
it does on others like 'container', 'services', 'ws', and 'rest'.
Thanks
Sohil
13 years, 8 months