[jboss-jira] [JBoss JIRA] Updated: (JBAS-5263) WebAuthentication does not work across requests (specifying JSessionId)
Anil Saldhana (JIRA)
jira-events at lists.jboss.org
Thu Apr 24 13:31:09 EDT 2008
[ http://jira.jboss.com/jira/browse/JBAS-5263?page=all ]
Anil Saldhana updated JBAS-5263:
--------------------------------
Summary: WebAuthentication does not work across requests (specifying JSessionId) (was: WebAutentication does not work across requests)
> WebAuthentication does not work across requests (specifying JSessionId)
> -----------------------------------------------------------------------
>
> Key: JBAS-5263
> URL: http://jira.jboss.com/jira/browse/JBAS-5263
> Project: JBoss Application Server
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Security
> Affects Versions: JBossAS-4.2.2.GA
> Environment: All
> Reporter: Vinod Bhat
> Assigned To: Anil Saldhana
>
> When cookies are disabled and WebAuthentication is used to do programmatic login, the subsequent requests cannot access a secured resource in spite of specifying the jsessionid.
> Code executed for first request -
> String loginId = request.getParameter("userName");
> String pwd = request.getParameter("password");
> WebAuthentication pwl = new WebAuthentication();
> pwl.login(loginId, pwd);
> System.out.println(request.getSession().getId());
> Next, access a secured resource using the sessionid printed above -
> http://localhost:8080/tester/securepage.jsp;jsessionid=3DD43722A08682D91623FDE362D10275?key1=value1
> This access does not go to securepage.jsp, instead takes the user back to login page.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list