Fw: Very long URL in portlet causes problems in the security mechanism

[ThomasGrundey <tg...@techmatrix.de>]

----- Original Message ----- 
From: "ThomasGrundey" <tg...@techmatrix.de>
To: <je...@jakarta.apache.org>
Sent: Thursday, June 12, 2003 12:02 PM
Subject: Very long URL in portlet causes problems in the security mechanism


> I have several JSP Portlets build in the following way:
> 
> 1. A portlet has a FORM entry like
> 
> <FORM method=GET action="<jetspeed:portletlink jspeid= '<%= id %>' />">
> 
>     <INPUT type=hidden name='tm_event' value='otsearchOrders'>
> 
> I use my own adapted implementation of JspPortlet which uses the value
> (like 'otsearchOrders') to find out which JSP-File to call.
> 
> 2. The called JSP-File reads the request data and does some processing
> 
> Some portlets build that way work fine, others not. I get the message
> "You do not habe access to this portlet"
> 
> Further inspection shows:
> The portlets with problems have a very long URL like
> http://localhost:8080/jetspeed/portal/user/tg/page/default.psml
> /js_peid/P-f54a4dba63-10002/media-type/html?tm_event=otsearch
> &orderNr=&orderTypeId=-100&status=alle+Stati&startDate=01.01.01
> &stopDate=11.06............
> 
> When I manually delete enough characters in the browser I do not get 
> the message anymore (but of course my application needs the long URL).
> 
> Using a debugger I found out that in 
> RegistryAccessController.java method checkPermission the value for
> owner is null when a have a very long URL and a value of "tg" when
> the URL is shorter.
> I also tried to use POST instead of GET with the same result.
> Something seems to go wrong when a very long url is parsed to get
> the owner. 
> 
> Does anybody know how to avoid this?
> 
> I am using 1.4b3 with mysql
> 
> Thanks in advance 
> Thomas Grundey

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org