[jboss-jira] [JBoss JIRA] Commented: (JBAS-5645) JBossWeb losing POST data during FORM Authentication

Anil Saldhana (JIRA) jira-events at lists.jboss.org
Thu Jun 19 00:43:37 EDT 2008 

    [ http://jira.jboss.com/jira/browse/JBAS-5645?page=comments#action_12417891 ] 
            
Anil Saldhana commented on JBAS-5645:
-------------------------------------

Remy has to comment on the following:
http://anonsvn.jboss.org/repos/jbossas/trunk/testsuite/src/main/org/jboss/test/web/test/FormAuthUnitTestCase.java

The httpclient based test code is as follows:

Step 1: Make a post method to a secure servlet
     // Submit the form to /restricted/SecuredPostServlet
      PostMethod servletPost = new PostMethod(baseURLNoAuth+"form-auth/restricted/SecuredPostServlet");
      servletPost.addParameter("checkParam", "123456"); 
      responseCode = httpConn.executeMethod(servletPost);

 Step 2: Do the form Auth - Get hold of the redirected login page. Do a post on j_security_check with username/pwd etc

Step 3: (THIS IS WHERE I NEED REMY'S GUIDANCE)
Currently the test code is doing a GET on the redirected url
 //  Follow the redirect to the SecureServlet
      Header location = formPost.getResponseHeader("Location");
      String indexURI = location.getValue();
      GetMethod war1Index = new GetMethod(indexURI);
      responseCode = httpConn.executeMethod(war1Index.getHostConfiguration(),
         war1Index, state);
      assertTrue("Get OK", responseCode == HttpURLConnection.HTTP_OK);


The question is in Step 3,  should the test code submit the original POST method (that had a parameter) or the above code is fine?  I am guessing that the restore request in the form authenticator should be restoring the post data?

> JBossWeb losing POST data during FORM Authentication
> ----------------------------------------------------
>
>                 Key: JBAS-5645
>                 URL: http://jira.jboss.com/jira/browse/JBAS-5645
>             Project: JBoss Application Server
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Web (Tomcat) service
>    Affects Versions: JBossAS-5.0.0.Beta4
>            Reporter: Anil Saldhana
>         Assigned To: Remy Maucherat
>             Fix For: JBossAS-5.0.0.CR1
>
>
> TestCase: org.jboss.test.web.test.FormAuthUnitTestCase
> Test: testPostDataFormAuth
> Somehow the form authenticator restore request is losing the post data that was submitted as part of the request before the form authentication kicked in.
> Remy, please validate this.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list