You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by ThomasGrundey <tg...@techmatrix.de> on 2003/06/12 14:04:35 UTC
Fw: Very long URL in portlet causes problems in the security mechanism
----- Original Message -----
From: "ThomasGrundey" <tg...@techmatrix.de>
To: <je...@jakarta.apache.org>
Sent: Thursday, June 12, 2003 12:02 PM
Subject: Very long URL in portlet causes problems in the security mechanism
> I have several JSP Portlets build in the following way:
>
> 1. A portlet has a FORM entry like
>
> <FORM method=GET action="<jetspeed:portletlink jspeid= '<%= id %>' />">
>
> <INPUT type=hidden name='tm_event' value='otsearchOrders'>
>
> I use my own adapted implementation of JspPortlet which uses the value
> (like 'otsearchOrders') to find out which JSP-File to call.
>
> 2. The called JSP-File reads the request data and does some processing
>
> Some portlets build that way work fine, others not. I get the message
> "You do not habe access to this portlet"
>
> Further inspection shows:
> The portlets with problems have a very long URL like
> http://localhost:8080/jetspeed/portal/user/tg/page/default.psml
> /js_peid/P-f54a4dba63-10002/media-type/html?tm_event=otsearch
> &orderNr=&orderTypeId=-100&status=alle+Stati&startDate=01.01.01
> &stopDate=11.06............
>
> When I manually delete enough characters in the browser I do not get
> the message anymore (but of course my application needs the long URL).
>
> Using a debugger I found out that in
> RegistryAccessController.java method checkPermission the value for
> owner is null when a have a very long URL and a value of "tg" when
> the URL is shorter.
> I also tried to use POST instead of GET with the same result.
> Something seems to go wrong when a very long url is parsed to get
> the owner.
>
> Does anybody know how to avoid this?
>
> I am using 1.4b3 with mysql
>
> Thanks in advance
> Thomas Grundey
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org