You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@myfaces.apache.org by "Christian Kaltepoth (Created) (JIRA)" <de...@myfaces.apache.org> on 2012/01/18 07:34:39 UTC

[jira] [Created] (ORCHESTRA-60) Orchestra should implement RequestParameterResponseWrapper.encodeRedirectURL()

Orchestra should implement RequestParameterResponseWrapper.encodeRedirectURL()
------------------------------------------------------------------------------

                 Key: ORCHESTRA-60
                 URL: https://issues.apache.org/jira/browse/ORCHESTRA-60
             Project: MyFaces Orchestra
          Issue Type: Bug
          Components: Conversation
    Affects Versions: 1.5
            Reporter: Christian Kaltepoth


Orchestra currently doesn't implement RequestParameterResponseWrapper.encodeRedirectURL(). The API docs of HttpServletResponse clearly state that encodeRedirectURL() should be called before sending a redirect using sendRedirect(). Therefore the conversationContext parameter is currently lost in these situations.

Corresponding PrettyFaces issue:

http://code.google.com/p/prettyfaces/issues/detail?id=125

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (ORCHESTRA-60) Orchestra should implement RequestParameterResponseWrapper.encodeRedirectURL()

Posted by "Leonardo Uribe (Commented) (JIRA)" <de...@myfaces.apache.org>.

    [ https://issues.apache.org/jira/browse/ORCHESTRA-60?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13238099#comment-13238099 ] 

Leonardo Uribe commented on ORCHESTRA-60:
-----------------------------------------

Hi Cristian

O, now I get it. sendRedirect() is used for internal and external URLs, but all internal URLs pass first through encodeRedirectURL(), so it is valid to add conversationContext param into that call. The rules for add conversationContext are already in orchestra and applies to encodeURL() too, so the change is valid.
                
> Orchestra should implement RequestParameterResponseWrapper.encodeRedirectURL()
> ------------------------------------------------------------------------------
>
>                 Key: ORCHESTRA-60
>                 URL: https://issues.apache.org/jira/browse/ORCHESTRA-60
>             Project: MyFaces Orchestra
>          Issue Type: Bug
>          Components: Conversation
>    Affects Versions: 1.5
>            Reporter: Christian Kaltepoth
>
> Orchestra currently doesn't implement RequestParameterResponseWrapper.encodeRedirectURL(). The API docs of HttpServletResponse clearly state that encodeRedirectURL() should be called before sending a redirect using sendRedirect(). Therefore the conversationContext parameter is currently lost in these situations.
> Corresponding PrettyFaces issue:
> http://code.google.com/p/prettyfaces/issues/detail?id=125

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (ORCHESTRA-60) Orchestra should implement RequestParameterResponseWrapper.encodeRedirectURL()

Posted by "Leonardo Uribe (Commented) (JIRA)" <de...@myfaces.apache.org>.

    [ https://issues.apache.org/jira/browse/ORCHESTRA-60?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13234023#comment-13234023 ] 

Leonardo Uribe commented on ORCHESTRA-60:
-----------------------------------------

I have checked this one and there is a problem with override RequestParameterResponseWrapper.encodeRedirectURL() . In few words, there is no warrant the same conversationContext should be used for a redirect. This is the javadoc:

"... Encodes the specified URL for use in the sendRedirect method or, if encoding is not needed, returns the URL unchanged. The implementation of this method includes the logic to determine whether the session ID needs to be encoded in the URL. Because the rules for making this determination can differ from those used to decide whether to encode a normal link, this method is separated from the encodeURL method.

All URLs sent to the HttpServletResponse.sendRedirect method should be run through this method. Otherwise, URL rewriting cannot be used with browsers which do not support cookies. ..."

What happen if the redirect url is not for the same app? conversationContext query param should not be added. Note encodeURL is used always for URL that are served for the webapp.

In PrettyFaces case, since it is a layer to generate "pretty" URLs, in my opinion it sounds better to use encodeURL.

Suggestions are welcome.
                
> Orchestra should implement RequestParameterResponseWrapper.encodeRedirectURL()
> ------------------------------------------------------------------------------
>
>                 Key: ORCHESTRA-60
>                 URL: https://issues.apache.org/jira/browse/ORCHESTRA-60
>             Project: MyFaces Orchestra
>          Issue Type: Bug
>          Components: Conversation
>    Affects Versions: 1.5
>            Reporter: Christian Kaltepoth
>
> Orchestra currently doesn't implement RequestParameterResponseWrapper.encodeRedirectURL(). The API docs of HttpServletResponse clearly state that encodeRedirectURL() should be called before sending a redirect using sendRedirect(). Therefore the conversationContext parameter is currently lost in these situations.
> Corresponding PrettyFaces issue:
> http://code.google.com/p/prettyfaces/issues/detail?id=125

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (ORCHESTRA-60) Orchestra should implement RequestParameterResponseWrapper.encodeRedirectURL()

Posted by "Christian Kaltepoth (Commented) (JIRA)" <de...@myfaces.apache.org>.

    [ https://issues.apache.org/jira/browse/ORCHESTRA-60?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13238509#comment-13238509 ] 

Christian Kaltepoth commented on ORCHESTRA-60:
----------------------------------------------

Hey Leonardo,

yes, I think this is the way the API should be used. Calling sendRedirect() for external URLs is possible of cause, but calling encodeRedirectURL() only makes sense to me when being called for internal URLs. So I think it's safe to add the conversationContext parameter in encodeRedirectURL() too.

Christian
                
> Orchestra should implement RequestParameterResponseWrapper.encodeRedirectURL()
> ------------------------------------------------------------------------------
>
>                 Key: ORCHESTRA-60
>                 URL: https://issues.apache.org/jira/browse/ORCHESTRA-60
>             Project: MyFaces Orchestra
>          Issue Type: Bug
>          Components: Conversation
>    Affects Versions: 1.5
>            Reporter: Christian Kaltepoth
>
> Orchestra currently doesn't implement RequestParameterResponseWrapper.encodeRedirectURL(). The API docs of HttpServletResponse clearly state that encodeRedirectURL() should be called before sending a redirect using sendRedirect(). Therefore the conversationContext parameter is currently lost in these situations.
> Corresponding PrettyFaces issue:
> http://code.google.com/p/prettyfaces/issues/detail?id=125

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (ORCHESTRA-60) Orchestra should implement RequestParameterResponseWrapper.encodeRedirectURL()

Posted by "Leonardo Uribe (Resolved) (JIRA)" <de...@myfaces.apache.org>.

     [ https://issues.apache.org/jira/browse/ORCHESTRA-60?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Leonardo Uribe resolved ORCHESTRA-60.
-------------------------------------

    Resolution: Not A Problem
    
> Orchestra should implement RequestParameterResponseWrapper.encodeRedirectURL()
> ------------------------------------------------------------------------------
>
>                 Key: ORCHESTRA-60
>                 URL: https://issues.apache.org/jira/browse/ORCHESTRA-60
>             Project: MyFaces Orchestra
>          Issue Type: Bug
>          Components: Conversation
>    Affects Versions: 1.5
>            Reporter: Christian Kaltepoth
>
> Orchestra currently doesn't implement RequestParameterResponseWrapper.encodeRedirectURL(). The API docs of HttpServletResponse clearly state that encodeRedirectURL() should be called before sending a redirect using sendRedirect(). Therefore the conversationContext parameter is currently lost in these situations.
> Corresponding PrettyFaces issue:
> http://code.google.com/p/prettyfaces/issues/detail?id=125

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (ORCHESTRA-60) Orchestra should implement RequestParameterResponseWrapper.encodeRedirectURL()

Posted by "Christian Kaltepoth (Commented) (JIRA)" <de...@myfaces.apache.org>.

    [ https://issues.apache.org/jira/browse/ORCHESTRA-60?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13237495#comment-13237495 ] 

Christian Kaltepoth commented on ORCHESTRA-60:
----------------------------------------------

Hi Leonardo,

thanks for looking into this issue. However I have a different opinion on this topic.

I think PrettyFaces is correct when calling encodeRedirectURL() instead of encodeURL(). The docs of encodeRedirectURL() clearly say "Encodes the specified URL for use in the sendRedirect() method". PrettyFaces is calling sendRedirect() to redirect inside the web application and therefore must call encodeRedirectURL() to preserve session IDs. That's what the spec defines.

I also think that both methods are meant to be used only for URLs that point to the same web application because the docs of both methods mention session IDs as the primary thing that has to be encoded in the URL. Therefore it would be not correct to call any of the encode methods on a URL that doesn't belong to the same application. Therefore I see no reason why the conversion context ID should not be added in encodeRedirectURL().

I'm looking forward to your thoughts on this.

Christian


                
> Orchestra should implement RequestParameterResponseWrapper.encodeRedirectURL()
> ------------------------------------------------------------------------------
>
>                 Key: ORCHESTRA-60
>                 URL: https://issues.apache.org/jira/browse/ORCHESTRA-60
>             Project: MyFaces Orchestra
>          Issue Type: Bug
>          Components: Conversation
>    Affects Versions: 1.5
>            Reporter: Christian Kaltepoth
>
> Orchestra currently doesn't implement RequestParameterResponseWrapper.encodeRedirectURL(). The API docs of HttpServletResponse clearly state that encodeRedirectURL() should be called before sending a redirect using sendRedirect(). Therefore the conversationContext parameter is currently lost in these situations.
> Corresponding PrettyFaces issue:
> http://code.google.com/p/prettyfaces/issues/detail?id=125

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira