[gatein-issues] [JBoss JIRA] (GTNPORTAL-1970) Richfaces portlet after session expiration generates incorrect request (resource)

Mon Nov 7 04:06:45 EST 2011

    [ https://issues.jboss.org/browse/GTNPORTAL-1970?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12640653#comment-12640653 ] 

Minh Hoang TO commented on GTNPORTAL-1970:
------------------------------------------

{quote}
The issue here has nothing to do with this particular portlet, richfaces or the portletbridge. Its a generic issue which arises with ajax calls to retrieve resources, which get redirected due to the session expiring.
{quote}

With NavigationController integration, there is no more concept of public/private modes. Hence, we could not have the case where URL in browser's address bar is public (authentication not required) whereas resource URL is private (authentication required)

Below is resource URL generated in navigation portlet

/portal/g/:platform:administrators/administration/registry?portal:componentId=590eb334-a18c-4859-b492-58536de46242&portal:windowState=normal&portal:resourceID=administration&portal:cacheLevel=PAGE&portal:type=resource&portal:portletMode=view

> Richfaces portlet after session expiration generates incorrect request (resource)
> ---------------------------------------------------------------------------------
>
>                 Key: GTNPORTAL-1970
>                 URL: https://issues.jboss.org/browse/GTNPORTAL-1970
>             Project: GateIn Portal
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>    Affects Versions: 3.2.0-M01
>         Environment: GateIn trunk (07/27)
> EPP5.1.1 CR01
>            Reporter: Michal Vanco
>            Assignee: Minh Hoang TO
>              Labels: portal-s64
>             Fix For: 3.2.0-M02
>
>         Attachments: rfportlet-session_exp.png
>
>
> ajax requests in RF portlets contain in URL following attribute: &portal:type=resource
> and when session expires, you re-login and then portlet becomes only a resource in browser and not a part of portal page (see screenshot)
> To reproduce:
>  - deploy some RF portlet in portal (for example tic-tac-toe portlet - http://anonsvn.jboss.org/repos/qa/prabhat/tictactoe-portlet)
>  - change session timeout in gatein.ear/02portal.war/WEB-INF/web.xml to 1 minute and start portal
>  - add RF portlet on page
>  - wait 1 minute for session expiration, click on any button in RF portlet -> you are asked to re-login and then you see only portlet in browser and no portal environment
> URL after expiration and re-login can look like:
> http://localhost:8080/portal/private/classic/ttt?portal:componentId=f976fc4d-2849-46a3-a4db-bdae5756b79b&portal:type=resource&navigationalstate=JBPNS_rO0ABXdcACJqYXZheC5mYWNlcy5wb3J0bGV0YnJpZGdlLlNUQVRFX0lEAAAAAQApdmlldzo3Zjc4ZWE5Mi02ZjNhLTQyMTgtYWZiNy0xNDk5NjNmMzVkZTkAB19fRU9GX18*&portal:windowState=normal&portal:portletMode=view&portal:resourceID=/faces/pages/index.xhtml&portal:cacheLevel=PAGE&resourcestate=JBPNS_rO0ABXczABBfanNmQnJpZGdlVmlld0lkAAAAAQASL3BhZ2VzL2luZGV4LnhodG1sAAdfX0VPRl9f
> You can go back in portal by removing "&portal:type=resource" from URL or type page URL in browser (http://localhost:8080/portal/private/classic/ttt)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira