You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Mark Zeltser <Ma...@morganstanley.com> on 2003/04/04 17:52:02 UTC
SecurityFilter and back button
Hi,
I have struts 1.1b3 integrated with SecurityFilter using
CatalinaRealmAdapter. It works except of one case. After successfull
login, clicking back button and trying to login again results in
generating incorrect response path. E.g:
**********************************************************************************************************************************************
Response:
2003-04-04 10:43:36 RequestDumperValve[Standalone]:
---------------------------------------------------------------
2003-04-04 10:43:36 RequestDumperValve[Standalone]:
authType=null
2003-04-04 10:43:36 RequestDumperValve[Standalone]:
contentLength=-1
2003-04-04 10:43:36 RequestDumperValve[Standalone]:
contentType=text/plain
2003-04-04 10:43:36 RequestDumperValve[Standalone]:
cookie=JSESSIONID=1958650B877524BABA607A1E4A7A9B1F; domain=null;
path=/confirmw
2003-04-04 10:43:36 RequestDumperValve[Standalone]:
header=Set-Cookie=JSESSIONID=1958650B877524BABA607A1E4A7A9B1F;
Path=/confirmw
2003-04-04 10:43:36 RequestDumperValve[Standalone]:
header=Location=http://localhost:8080/confirmwnull
2003-04-04 10:43:36 RequestDumperValve[Standalone]:
message=null
2003-04-04 10:43:36 RequestDumperValve[Standalone]:
remoteUser=null
2003-04-04 10:43:36 RequestDumperValve[Standalone]:
status=302
2003-04-04 10:43:36 RequestDumperValve[Standalone]:
===============================================================
New Request:
2003-04-04 10:43:36 RequestDumperValve[Standalone]: REQUEST URI
=/confirmwnull
2003-04-04 10:43:36 RequestDumperValve[Standalone]:
authType=null
2003-04-04 10:43:36 RequestDumperValve[Standalone]:
characterEncoding=null
2003-04-04 10:43:36 RequestDumperValve[Standalone]:
contentLength=-1
2003-04-04 10:43:36 RequestDumperValve[Standalone]:
contentType=null
2003-04-04 10:43:36 RequestDumperValve[Standalone]: contextPath=
2003-04-04 10:43:36 RequestDumperValve[Standalone]:
cookie=JSESSIONID=1958650B877524BABA607A1E4A7A9B1F
2003-04-04 10:43:36 RequestDumperValve[Standalone]:
header=accept=image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/msword, application/vnd.ms-excel,
application/vnd.ms-powerpoint, */*
2003-04-04 10:43:36 RequestDumperValve[Standalone]:
header=referer=http://localhost:8080/confirmw/jsp/logon.jsp
2003-04-04 10:43:36 RequestDumperValve[Standalone]:
header=accept-language=en-us
2003-04-04 10:43:36 RequestDumperValve[Standalone]:
header=accept-encoding=gzip, deflat
**********************************************************************************************************************************************
Looks like domain's value(null) is appened to path, resulting in
incorrect URI /confirmnull.
Is this a bug?
Thanks,
Mark.
--
NOTICE: If received in error, please destroy and notify sender. Sender
does not waive confidentiality or privilege, and use is prohibited.
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
Re: SecurityFilter and back button
Posted by Max Cooper <ma...@maxcooper.com>.
That looks like a bug on first glance. Please submit it to the
SecurityFilter project bug list on Sourceforge so that we can track it:
http://sourceforge.net/tracker/?group_id=59484&atid=491164
If you aren't using it now, I recommend using the securityfilter-1.0.1
release, rather than an older release or a build from the CVS tree. 1.0.1 is
the most stable. Actually, do this before you submit the bug in case it has
already been fixed. If you were using a release version already, rather than
the CVS tree, it probably hasn't been fixed in 1.0.1. It is possible that it
was introduced in CVS when we added some features recently.
I will look at it this weekend and possibly have a release to fix it in the
same time frame.
-Max
----- Original Message -----
From: "Mark Zeltser" <Ma...@morganstanley.com>
To: <st...@jakarta.apache.org>
Sent: Friday, April 04, 2003 7:52 AM
Subject: SecurityFilter and back button
>
> Hi,
>
> I have struts 1.1b3 integrated with SecurityFilter using
> CatalinaRealmAdapter. It works except of one case. After successfull
> login, clicking back button and trying to login again results in
> generating incorrect response path. E.g:
>
>
****************************************************************************
******************************************************************
>
> Response:
> 2003-04-04 10:43:36 RequestDumperValve[Standalone]:
> ---------------------------------------------------------------
> 2003-04-04 10:43:36 RequestDumperValve[Standalone]:
> authType=null
> 2003-04-04 10:43:36 RequestDumperValve[Standalone]:
> contentLength=-1
> 2003-04-04 10:43:36 RequestDumperValve[Standalone]:
> contentType=text/plain
> 2003-04-04 10:43:36 RequestDumperValve[Standalone]:
> cookie=JSESSIONID=1958650B877524BABA607A1E4A7A9B1F; domain=null;
> path=/confirmw
> 2003-04-04 10:43:36 RequestDumperValve[Standalone]:
> header=Set-Cookie=JSESSIONID=1958650B877524BABA607A1E4A7A9B1F;
> Path=/confirmw
> 2003-04-04 10:43:36 RequestDumperValve[Standalone]:
> header=Location=http://localhost:8080/confirmwnull
> 2003-04-04 10:43:36 RequestDumperValve[Standalone]:
> message=null
> 2003-04-04 10:43:36 RequestDumperValve[Standalone]:
> remoteUser=null
> 2003-04-04 10:43:36 RequestDumperValve[Standalone]:
> status=302
> 2003-04-04 10:43:36 RequestDumperValve[Standalone]:
> ===============================================================
>
>
> New Request:
> 2003-04-04 10:43:36 RequestDumperValve[Standalone]: REQUEST URI
> =/confirmwnull
> 2003-04-04 10:43:36 RequestDumperValve[Standalone]:
> authType=null
> 2003-04-04 10:43:36 RequestDumperValve[Standalone]:
> characterEncoding=null
> 2003-04-04 10:43:36 RequestDumperValve[Standalone]:
> contentLength=-1
> 2003-04-04 10:43:36 RequestDumperValve[Standalone]:
> contentType=null
> 2003-04-04 10:43:36 RequestDumperValve[Standalone]: contextPath=
> 2003-04-04 10:43:36 RequestDumperValve[Standalone]:
> cookie=JSESSIONID=1958650B877524BABA607A1E4A7A9B1F
> 2003-04-04 10:43:36 RequestDumperValve[Standalone]:
> header=accept=image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
> application/msword, application/vnd.ms-excel,
> application/vnd.ms-powerpoint, */*
> 2003-04-04 10:43:36 RequestDumperValve[Standalone]:
> header=referer=http://localhost:8080/confirmw/jsp/logon.jsp
> 2003-04-04 10:43:36 RequestDumperValve[Standalone]:
> header=accept-language=en-us
> 2003-04-04 10:43:36 RequestDumperValve[Standalone]:
> header=accept-encoding=gzip, deflat
>
****************************************************************************
******************************************************************
>
> Looks like domain's value(null) is appened to path, resulting in
> incorrect URI /confirmnull.
>
> Is this a bug?
>
> Thanks,
> Mark.
>
>
> --
> NOTICE: If received in error, please destroy and notify sender. Sender
> does not waive confidentiality or privilege, and use is prohibited.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org