[jboss-jira] [JBoss JIRA] (JBWEB-307) FormAuthenticator doesn't restore SavedRequest body after login
Diego Fiozzi (JIRA)
issues at jboss.org
Mon Nov 17 05:14:39 EST 2014
Diego Fiozzi created JBWEB-307:
----------------------------------
Summary: FormAuthenticator doesn't restore SavedRequest body after login
Key: JBWEB-307
URL: https://issues.jboss.org/browse/JBWEB-307
Project: JBoss Web
Issue Type: Bug
Components: Tomcat
Affects Versions: JBossWeb-7.0.13.GA
Environment: Windows 7, JBoss AS 7.1.1 Final (JBoss Web 7.0.13 Final), JDK6
Reporter: Diego Fiozzi
Assignee: Remy Maucherat
Priority: Blocker
I'm porting my application from Tomcat to JBoss AS 7.1.1 Final. It includes SmartGWT and Spring.
I use JAAS login:
    <form method="POST" action="j_security_check">
to my custom login class, which implements javax.security.auth.spi.LoginModule.
After login goes well, the execution flow goes to my Spring controller:
    @RequestMapping(value="/all", method=RequestMethod.POST)
    @ResponseBody
    public String all(@RequestBody String json, HttpSession session, HttpServletRequest servletrequest) throws Exception {
but the "json" parameter is null.
The cause seems to be in this method
    public boolean authenticate(Request request,
                                HttpServletResponse response,
                                LoginConfig config)
in the org.apache.catalina.authenticator.FormAuthenticator class, in the last part, after the .authenticate:
    principal = realm.authenticate(username, password);
    if (principal == null) {
        forwardToErrorPage(request, response, config);
        return (false);
    }
    if (log.isDebugEnabled())
        log.debug("Authentication of '" + username + "' was successful");
    if (session == null)
        session = request.getSessionInternal(false);
    if (session == null) {
        if (containerLog.isDebugEnabled())
            containerLog.debug
                ("User took so long to log on the session expired");
        response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT,
                           sm.getString("authenticator.sessionExpired"));
        return (false);
    }
    // Save the authenticated Principal in our session
    session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
    // Save the username and password as well
    session.setNote(Constants.SESS_USERNAME_NOTE, username);
    session.setNote(Constants.SESS_PASSWORD_NOTE, password);
    // Redirect the user to the original request URI (which will cause
    // the original request to be restored)
    requestURI = savedRequestURL(session);
    if (log.isDebugEnabled())
        log.debug("Redirecting to original '" + requestURI + "'");
    if (requestURI == null)
        response.sendError(HttpServletResponse.SC_BAD_REQUEST,
                           sm.getString("authenticator.formlogin"));
    else
        response.sendRedirect(response.encodeRedirectURL(requestURI));
    return (false);
In debug I've found my JSON: in the session there is a "note" field which contains a SavedRequest object:
https://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/catalina/authenticator/SavedRequest.html
It is a container for the request before login, and it has my JSON in its body field. Its URI is restored (line #32), not the entire request. I suppose it should make a call to
    session.setNote(Constants.FORM_REQUEST_NOTE, saved);
in every case, like it does for SESS_USERNAME_NOTE, SESS_PASSWORD_NOTE and FORM_PRINCIPAL_NOTE.
--
This message was sent by Atlassian JIRA
(v6.3.8#6338)
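
A simplified model of the save, redirect and replay flow the report describes, added here as an illustration and not taken from JBoss Web or from the reporter's application. The class and method names, the string note keys and the sample JSON are all constructed; the model only shows what the application receives when the saved URI alone is restored versus when the whole saved request is replayed for an authenticated session.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model, not JBoss Web code: every name here is hypothetical.
public class SavedRequestReplayDemo {
    static final class Req {
        final String method, uri, body;
        Req(String method, String uri, String body) {
            this.method = method; this.uri = uri; this.body = body;
        }
    }

    // Stands in for the session "notes" the report mentions.
    static final Map<String, Object> notes = new HashMap<String, Object>();

    // Step 1: an unauthenticated request to a protected URI is parked in the session.
    static void saveRequest(Req original) {
        notes.put("FORM_REQUEST_NOTE", original);
    }

    // Step 2: after the login POST succeeds, the client is redirected to the saved URI.
    static String redirectTargetAfterLogin() {
        Req saved = (Req) notes.get("FORM_REQUEST_NOTE");
        return saved == null ? null : saved.uri;
    }

    // Step 3: the browser follows the redirect with a body-less GET. Replay the
    // saved method and body only for an authenticated session, only when the
    // URI matches, and only once; otherwise the application sees the bare GET.
    static Req dispatch(Req incoming, boolean restoreWholeRequest) {
        Req saved = (Req) notes.get("FORM_REQUEST_NOTE");
        boolean authenticated = notes.containsKey("FORM_PRINCIPAL_NOTE");
        if (restoreWholeRequest && authenticated && saved != null
                && saved.uri.equals(incoming.uri)) {
            notes.remove("FORM_REQUEST_NOTE"); // a saved body must not replay twice
            return saved;
        }
        return incoming;
    }

    public static void main(String[] args) {
        saveRequest(new Req("POST", "/app/all", "{\"constructed\":\"sample\"}"));
        notes.put("FORM_PRINCIPAL_NOTE", "alice"); // constructed: login succeeded
        Req followUp = new Req("GET", redirectTargetAfterLogin(), null);
        Req uriOnly = dispatch(followUp, false);
        System.out.println("URI only:     " + uriOnly.method + " body=" + uriOnly.body);
        Req replayed = dispatch(followUp, true);
        System.out.println("Full restore: " + replayed.method + " body=" + replayed.body);
    }
}
```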