You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@roller.apache.org by kyle <ky...@bridge9.sakura.ne.jp> on 2015/01/10 13:57:11 UTC
Salt stays same in entryEdit page - is it by design?
Hello, I'm running Roller 5.1.1 on WildFly 8.2.0.Final.
Recently I got into a problem which is getting status code 500
by "javax.servlet.ServletException: Security Violation."
at editing page 1 or 2 times per day.
it occurs when I push save as draft button.
I'm looking into this problem now,
then I found that the salt value in the editing page stays same
while I'm writing content and pushing save button sometimes.
I mean this element in the form:
<input type="hidden" name="salt" value="8l4wTyF0LBKuhJLJ5zvU" id="entry_salt"/>
I turned on DEBUG logs, then I can see the problem more clearly.
DEBUG 2015-01-10 20:52:28,267 SaltCache:put - PUT 8l4wTyF0LBKuhJLJ5zvU
DEBUG 2015-01-10 20:52:37,924 SaltCache:get - HIT 8l4wTyF0LBKuhJLJ5zvU
DEBUG 2015-01-10 20:52:37,924 SaltCache:get - HIT 8l4wTyF0LBKuhJLJ5zvU
...snip...
DEBUG 2015-01-10 21:51:49,744 SaltCache:get - HIT 8l4wTyF0LBKuhJLJ5zvU
DEBUG 2015-01-10 21:53:14,173 ExpiringLRUCacheImpl:get - EXPIRED [8l4wTyF0LBKuhJLJ5zvU]
DEBUG 2015-01-10 21:53:14,173 SaltCache:get - MISS 8l4wTyF0LBKuhJLJ5zvU
And, after some investigating I found that
all salts will be expired in 60 minutes after creation.
thus, I can't stay at editing page over 60 minutes.
If I overstayed, then I can't save my draft anymore
and got "Security Violation".
Is it expected behavior?
or it might be a WildFly specific problem?
Also I posted about the problem:
http://www.nailedtothex.org/roller/kyle/entry/debugging-roller-s-salt-processing
Thanks.
Re: Salt stays same in entryEdit page - is it by design?
Posted by kyle <ky...@bridge9.sakura.ne.jp>.
Hi Glen,
I attached my patch to JIRA.
https://issues.apache.org/jira/browse/ROL-2058
2015/01/11 1:09、Glen Mazza <gl...@gmail.com> のメール:
> Patch welcome. :)
>
> Glen
>
> On Sat, Jan 10, 2015 at 10:36 AM, kyle <ky...@bridge9.sakura.ne.jp> wrote:
>
>> I think I found the cause. UIAction#setSalt(String) is being invoked with
>> old salt value (maybe it comes from POST parameter). simply deleting
>> UIAction#setSalt(String) solved the problem on my workspace. now I'm seeing
>> a new salt value at every hitting of "Save as draft".
>>
>> 2015/01/10 22:49、kyle <ky...@bridge9.sakura.ne.jp> のメール:
>>
>>> Hello Glen,
>>>
>>> Thanks for the response.
>>>
>>> I think it appears that my previous email was not clear. in my
>> environment, the clock won't restart when I hit save as draft. the clock
>> start ticking at the first time I visit the editing page, it never stops so
>> I can't stay in the editing page over 60 minutes. to restart the clock (to
>> get a new salt), I need 2 steps - move to other page and get back to the
>> editing page. do you mean I should doing so?
>>>
>>> 2015/01/10 22:22、Glen <gl...@gmail.com> wrote:
>>>
>>>> Hi Kyle, while it probably could be handled more elegantly, your
>> writing would not normally be lost, as you can just hit the back key from
>> your browser to get back to your text. 60 minutes is pretty generous and
>> the clock restarts everytime you hit save draft as you periodically should
>> be doing anyway. We haven't the resources to try to implement google doc
>> style editing within blog entries, at any rate for long term editing you
>> can use your favorite desktop editor and then just copy and paste the html
>> into the roller blog edit field and then publish it.
>>>>
>>>> Yes this happens with other containers like Tomcat.
>>>>
>>>> Glen
>>>>
>>>> -----Original Message-----
>>>> From: "kyle" <ky...@bridge9.sakura.ne.jp>
>>>> Sent: 1/10/2015 7:57 AM
>>>> To: "user@roller.apache.org" <us...@roller.apache.org>
>>>> Subject: Salt stays same in entryEdit page - is it by design?
>>>>
>>>> Hello, I'm running Roller 5.1.1 on WildFly 8.2.0.Final.
>>>>
>>>> Recently I got into a problem which is getting status code 500
>>>> by "javax.servlet.ServletException: Security Violation."
>>>> at editing page 1 or 2 times per day.
>>>> it occurs when I push save as draft button.
>>>>
>>>> I'm looking into this problem now,
>>>> then I found that the salt value in the editing page stays same
>>>> while I'm writing content and pushing save button sometimes.
>>>> I mean this element in the form:
>>>> <input type="hidden" name="salt" value="8l4wTyF0LBKuhJLJ5zvU"
>> id="entry_salt"/>
>>>>
>>>> I turned on DEBUG logs, then I can see the problem more clearly.
>>>>
>>>> DEBUG 2015-01-10 20:52:28,267 SaltCache:put - PUT 8l4wTyF0LBKuhJLJ5zvU
>>>> DEBUG 2015-01-10 20:52:37,924 SaltCache:get - HIT 8l4wTyF0LBKuhJLJ5zvU
>>>> DEBUG 2015-01-10 20:52:37,924 SaltCache:get - HIT 8l4wTyF0LBKuhJLJ5zvU
>>>> ...snip...
>>>> DEBUG 2015-01-10 21:51:49,744 SaltCache:get - HIT 8l4wTyF0LBKuhJLJ5zvU
>>>> DEBUG 2015-01-10 21:53:14,173 ExpiringLRUCacheImpl:get - EXPIRED
>> [8l4wTyF0LBKuhJLJ5zvU]
>>>> DEBUG 2015-01-10 21:53:14,173 SaltCache:get - MISS 8l4wTyF0LBKuhJLJ5zvU
>>>>
>>>> And, after some investigating I found that
>>>> all salts will be expired in 60 minutes after creation.
>>>> thus, I can't stay at editing page over 60 minutes.
>>>> If I overstayed, then I can't save my draft anymore
>>>> and got "Security Violation".
>>>>
>>>> Is it expected behavior?
>>>> or it might be a WildFly specific problem?
>>>>
>>>> Also I posted about the problem:
>>>>
>> http://www.nailedtothex.org/roller/kyle/entry/debugging-roller-s-salt-processing
>>>>
>>>> Thanks.
>>>
>>>
>>
>>
Re: Salt stays same in entryEdit page - is it by design?
Posted by Glen Mazza <gl...@gmail.com>.
Patch welcome. :)
Glen
On Sat, Jan 10, 2015 at 10:36 AM, kyle <ky...@bridge9.sakura.ne.jp> wrote:
> I think I found the cause. UIAction#setSalt(String) is being invoked with
> old salt value (maybe it comes from POST parameter). simply deleting
> UIAction#setSalt(String) solved the problem on my workspace. now I'm seeing
> a new salt value at every hitting of "Save as draft".
>
> 2015/01/10 22:49、kyle <ky...@bridge9.sakura.ne.jp> のメール:
>
> > Hello Glen,
> >
> > Thanks for the response.
> >
> > I think it appears that my previous email was not clear. in my
> environment, the clock won't restart when I hit save as draft. the clock
> start ticking at the first time I visit the editing page, it never stops so
> I can't stay in the editing page over 60 minutes. to restart the clock (to
> get a new salt), I need 2 steps - move to other page and get back to the
> editing page. do you mean I should doing so?
> >
> > 2015/01/10 22:22、Glen <gl...@gmail.com> wrote:
> >
> >> Hi Kyle, while it probably could be handled more elegantly, your
> writing would not normally be lost, as you can just hit the back key from
> your browser to get back to your text. 60 minutes is pretty generous and
> the clock restarts everytime you hit save draft as you periodically should
> be doing anyway. We haven't the resources to try to implement google doc
> style editing within blog entries, at any rate for long term editing you
> can use your favorite desktop editor and then just copy and paste the html
> into the roller blog edit field and then publish it.
> >>
> >> Yes this happens with other containers like Tomcat.
> >>
> >> Glen
> >>
> >> -----Original Message-----
> >> From: "kyle" <ky...@bridge9.sakura.ne.jp>
> >> Sent: 1/10/2015 7:57 AM
> >> To: "user@roller.apache.org" <us...@roller.apache.org>
> >> Subject: Salt stays same in entryEdit page - is it by design?
> >>
> >> Hello, I'm running Roller 5.1.1 on WildFly 8.2.0.Final.
> >>
> >> Recently I got into a problem which is getting status code 500
> >> by "javax.servlet.ServletException: Security Violation."
> >> at editing page 1 or 2 times per day.
> >> it occurs when I push save as draft button.
> >>
> >> I'm looking into this problem now,
> >> then I found that the salt value in the editing page stays same
> >> while I'm writing content and pushing save button sometimes.
> >> I mean this element in the form:
> >> <input type="hidden" name="salt" value="8l4wTyF0LBKuhJLJ5zvU"
> id="entry_salt"/>
> >>
> >> I turned on DEBUG logs, then I can see the problem more clearly.
> >>
> >> DEBUG 2015-01-10 20:52:28,267 SaltCache:put - PUT 8l4wTyF0LBKuhJLJ5zvU
> >> DEBUG 2015-01-10 20:52:37,924 SaltCache:get - HIT 8l4wTyF0LBKuhJLJ5zvU
> >> DEBUG 2015-01-10 20:52:37,924 SaltCache:get - HIT 8l4wTyF0LBKuhJLJ5zvU
> >> ...snip...
> >> DEBUG 2015-01-10 21:51:49,744 SaltCache:get - HIT 8l4wTyF0LBKuhJLJ5zvU
> >> DEBUG 2015-01-10 21:53:14,173 ExpiringLRUCacheImpl:get - EXPIRED
> [8l4wTyF0LBKuhJLJ5zvU]
> >> DEBUG 2015-01-10 21:53:14,173 SaltCache:get - MISS 8l4wTyF0LBKuhJLJ5zvU
> >>
> >> And, after some investigating I found that
> >> all salts will be expired in 60 minutes after creation.
> >> thus, I can't stay at editing page over 60 minutes.
> >> If I overstayed, then I can't save my draft anymore
> >> and got "Security Violation".
> >>
> >> Is it expected behavior?
> >> or it might be a WildFly specific problem?
> >>
> >> Also I posted about the problem:
> >>
> http://www.nailedtothex.org/roller/kyle/entry/debugging-roller-s-salt-processing
> >>
> >> Thanks.
> >
> >
>
>
Re: Salt stays same in entryEdit page - is it by design?
Posted by kyle <ky...@bridge9.sakura.ne.jp>.
I think I found the cause. UIAction#setSalt(String) is being invoked with old salt value (maybe it comes from POST parameter). simply deleting UIAction#setSalt(String) solved the problem on my workspace. now I'm seeing a new salt value at every hitting of "Save as draft".
2015/01/10 22:49、kyle <ky...@bridge9.sakura.ne.jp> のメール:
> Hello Glen,
>
> Thanks for the response.
>
> I think it appears that my previous email was not clear. in my environment, the clock won't restart when I hit save as draft. the clock start ticking at the first time I visit the editing page, it never stops so I can't stay in the editing page over 60 minutes. to restart the clock (to get a new salt), I need 2 steps - move to other page and get back to the editing page. do you mean I should doing so?
>
> 2015/01/10 22:22、Glen <gl...@gmail.com> wrote:
>
>> Hi Kyle, while it probably could be handled more elegantly, your writing would not normally be lost, as you can just hit the back key from your browser to get back to your text. 60 minutes is pretty generous and the clock restarts everytime you hit save draft as you periodically should be doing anyway. We haven't the resources to try to implement google doc style editing within blog entries, at any rate for long term editing you can use your favorite desktop editor and then just copy and paste the html into the roller blog edit field and then publish it.
>>
>> Yes this happens with other containers like Tomcat.
>>
>> Glen
>>
>> -----Original Message-----
>> From: "kyle" <ky...@bridge9.sakura.ne.jp>
>> Sent: 1/10/2015 7:57 AM
>> To: "user@roller.apache.org" <us...@roller.apache.org>
>> Subject: Salt stays same in entryEdit page - is it by design?
>>
>> Hello, I'm running Roller 5.1.1 on WildFly 8.2.0.Final.
>>
>> Recently I got into a problem which is getting status code 500
>> by "javax.servlet.ServletException: Security Violation."
>> at editing page 1 or 2 times per day.
>> it occurs when I push save as draft button.
>>
>> I'm looking into this problem now,
>> then I found that the salt value in the editing page stays same
>> while I'm writing content and pushing save button sometimes.
>> I mean this element in the form:
>> <input type="hidden" name="salt" value="8l4wTyF0LBKuhJLJ5zvU" id="entry_salt"/>
>>
>> I turned on DEBUG logs, then I can see the problem more clearly.
>>
>> DEBUG 2015-01-10 20:52:28,267 SaltCache:put - PUT 8l4wTyF0LBKuhJLJ5zvU
>> DEBUG 2015-01-10 20:52:37,924 SaltCache:get - HIT 8l4wTyF0LBKuhJLJ5zvU
>> DEBUG 2015-01-10 20:52:37,924 SaltCache:get - HIT 8l4wTyF0LBKuhJLJ5zvU
>> ...snip...
>> DEBUG 2015-01-10 21:51:49,744 SaltCache:get - HIT 8l4wTyF0LBKuhJLJ5zvU
>> DEBUG 2015-01-10 21:53:14,173 ExpiringLRUCacheImpl:get - EXPIRED [8l4wTyF0LBKuhJLJ5zvU]
>> DEBUG 2015-01-10 21:53:14,173 SaltCache:get - MISS 8l4wTyF0LBKuhJLJ5zvU
>>
>> And, after some investigating I found that
>> all salts will be expired in 60 minutes after creation.
>> thus, I can't stay at editing page over 60 minutes.
>> If I overstayed, then I can't save my draft anymore
>> and got "Security Violation".
>>
>> Is it expected behavior?
>> or it might be a WildFly specific problem?
>>
>> Also I posted about the problem:
>> http://www.nailedtothex.org/roller/kyle/entry/debugging-roller-s-salt-processing
>>
>> Thanks.
>
>
Re: Salt stays same in entryEdit page - is it by design?
Posted by kyle <ky...@bridge9.sakura.ne.jp>.
Hello Glen,
Thanks for the response.
I think it appears that my previous email was not clear. in my environment, the clock won't restart when I hit save as draft. the clock start ticking at the first time I visit the editing page, it never stops so I can't stay in the editing page over 60 minutes. to restart the clock (to get a new salt), I need 2 steps - move to other page and get back to the editing page. do you mean I should doing so?
2015/01/10 22:22、Glen <gl...@gmail.com> wrote:
> Hi Kyle, while it probably could be handled more elegantly, your writing would not normally be lost, as you can just hit the back key from your browser to get back to your text. 60 minutes is pretty generous and the clock restarts everytime you hit save draft as you periodically should be doing anyway. We haven't the resources to try to implement google doc style editing within blog entries, at any rate for long term editing you can use your favorite desktop editor and then just copy and paste the html into the roller blog edit field and then publish it.
>
> Yes this happens with other containers like Tomcat.
>
> Glen
>
> -----Original Message-----
> From: "kyle" <ky...@bridge9.sakura.ne.jp>
> Sent: 1/10/2015 7:57 AM
> To: "user@roller.apache.org" <us...@roller.apache.org>
> Subject: Salt stays same in entryEdit page - is it by design?
>
> Hello, I'm running Roller 5.1.1 on WildFly 8.2.0.Final.
>
> Recently I got into a problem which is getting status code 500
> by "javax.servlet.ServletException: Security Violation."
> at editing page 1 or 2 times per day.
> it occurs when I push save as draft button.
>
> I'm looking into this problem now,
> then I found that the salt value in the editing page stays same
> while I'm writing content and pushing save button sometimes.
> I mean this element in the form:
> <input type="hidden" name="salt" value="8l4wTyF0LBKuhJLJ5zvU" id="entry_salt"/>
>
> I turned on DEBUG logs, then I can see the problem more clearly.
>
> DEBUG 2015-01-10 20:52:28,267 SaltCache:put - PUT 8l4wTyF0LBKuhJLJ5zvU
> DEBUG 2015-01-10 20:52:37,924 SaltCache:get - HIT 8l4wTyF0LBKuhJLJ5zvU
> DEBUG 2015-01-10 20:52:37,924 SaltCache:get - HIT 8l4wTyF0LBKuhJLJ5zvU
> ...snip...
> DEBUG 2015-01-10 21:51:49,744 SaltCache:get - HIT 8l4wTyF0LBKuhJLJ5zvU
> DEBUG 2015-01-10 21:53:14,173 ExpiringLRUCacheImpl:get - EXPIRED [8l4wTyF0LBKuhJLJ5zvU]
> DEBUG 2015-01-10 21:53:14,173 SaltCache:get - MISS 8l4wTyF0LBKuhJLJ5zvU
>
> And, after some investigating I found that
> all salts will be expired in 60 minutes after creation.
> thus, I can't stay at editing page over 60 minutes.
> If I overstayed, then I can't save my draft anymore
> and got "Security Violation".
>
> Is it expected behavior?
> or it might be a WildFly specific problem?
>
> Also I posted about the problem:
> http://www.nailedtothex.org/roller/kyle/entry/debugging-roller-s-salt-processing
>
> Thanks.
RE: Salt stays same in entryEdit page - is it by design?
Posted by Glen <gl...@gmail.com>.
Hi Kyle, while it probably could be handled more elegantly, your writing would not normally be lost, as you can just hit the back key from your browser to get back to your text. 60 minutes is pretty generous and the clock restarts everytime you hit save draft as you periodically should be doing anyway. We haven't the resources to try to implement google doc style editing within blog entries, at any rate for long term editing you can use your favorite desktop editor and then just copy and paste the html into the roller blog edit field and then publish it.
Yes this happens with other containers like Tomcat.
Glen
-----Original Message-----
From: "kyle" <ky...@bridge9.sakura.ne.jp>
Sent: 1/10/2015 7:57 AM
To: "user@roller.apache.org" <us...@roller.apache.org>
Subject: Salt stays same in entryEdit page - is it by design?
Hello, I'm running Roller 5.1.1 on WildFly 8.2.0.Final.
Recently I got into a problem which is getting status code 500
by "javax.servlet.ServletException: Security Violation."
at editing page 1 or 2 times per day.
it occurs when I push save as draft button.
I'm looking into this problem now,
then I found that the salt value in the editing page stays same
while I'm writing content and pushing save button sometimes.
I mean this element in the form:
<input type="hidden" name="salt" value="8l4wTyF0LBKuhJLJ5zvU" id="entry_salt"/>
I turned on DEBUG logs, then I can see the problem more clearly.
DEBUG 2015-01-10 20:52:28,267 SaltCache:put - PUT 8l4wTyF0LBKuhJLJ5zvU
DEBUG 2015-01-10 20:52:37,924 SaltCache:get - HIT 8l4wTyF0LBKuhJLJ5zvU
DEBUG 2015-01-10 20:52:37,924 SaltCache:get - HIT 8l4wTyF0LBKuhJLJ5zvU
...snip...
DEBUG 2015-01-10 21:51:49,744 SaltCache:get - HIT 8l4wTyF0LBKuhJLJ5zvU
DEBUG 2015-01-10 21:53:14,173 ExpiringLRUCacheImpl:get - EXPIRED [8l4wTyF0LBKuhJLJ5zvU]
DEBUG 2015-01-10 21:53:14,173 SaltCache:get - MISS 8l4wTyF0LBKuhJLJ5zvU
And, after some investigating I found that
all salts will be expired in 60 minutes after creation.
thus, I can't stay at editing page over 60 minutes.
If I overstayed, then I can't save my draft anymore
and got "Security Violation".
Is it expected behavior?
or it might be a WildFly specific problem?
Also I posted about the problem:
http://www.nailedtothex.org/roller/kyle/entry/debugging-roller-s-salt-processing
Thanks.