[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-1860) login-required and no-conversation-view-id causes infinite redirect after session timeout on POST request

Shane Bryzak (JIRA) jira-events at lists.jboss.org
Mon Aug 27 21:15:18 EDT 2007 

    [ http://jira.jboss.com/jira/browse/JBSEAM-1860?page=comments#action_12374099 ] 
            
Shane Bryzak commented on JBSEAM-1860:
--------------------------------------

I couldn't reproduce this behaviour with the latest CVS version of Seam.  Could you please try it with the latest CVS or nightly build, and if you still get an error could you please attach a deployable test case to this issue which reproduces it.

> login-required and no-conversation-view-id causes infinite redirect after session timeout on POST request
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: JBSEAM-1860
>                 URL: http://jira.jboss.com/jira/browse/JBSEAM-1860
>             Project: JBoss Seam
>          Issue Type: Bug
>    Affects Versions: 2.0.0.BETA1
>            Reporter: Jacob Orshalick
>         Assigned To: Shane Bryzak
>             Fix For: 2.0.0.CR1
>
>
> When a page is setup as login-required="true" in pages.xml and a no-conversation-view-id is specified an infinite redirect occurs if the session times out and a POST request is then made by the user. Here is a snippet of my pages.xml configuration: 
> <pages login-view-id="/common/login.jsp">
> 	<!-- Security configuration -->
> 	<page view-id="*" scheme="http"/>
> 	
> 	<page view-id="/administration/*" scheme="http" login-required="true">
> 		<restrict>#{s:hasRole('Administrator')}</restrict>
> 	</page>
> 	
> 	<page view-id="/status/*" login-required="true" no-conversation-view-id="/status/search.xhtml">
> 		<restrict>#{s:hasRole('appRole')}</restrict>
> 	</page>
> When accessing a page under /status/* the first access always redirects to login.jsp as expected. The user then logs in and continues working with the application. If the HTTP session is then allowed to timeout, a GET request will behave as expected and redirect to the login.jsp. A POST on the other hand will cause an infinite redirect.  The stacktrace can be found at the forum reference.
> If the no-conversation-view-id is removed, the redirect works as expected but or course an error occurs if you return to a page that requires a conversation after logging in.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the seam-issues mailing list