Bug 109230
Summary: | redirectToLoginPage fails with https (resin 2.1.4) | ||
---|---|---|---|
Product: | [Retired] Red Hat Web Application Framework | Reporter: | durnez <vdurnez> |
Component: | ui | Assignee: | ccm-bugs-list |
Status: | CLOSED EOL | QA Contact: | Jon Orris <jorris> |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | 6.0 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i686 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 108447 |
Description
durnez
2003-11-05 21:13:19 UTC
a small correction to bug description : ParameterMap method was not given, is is com.arsdifita.web.ParameterMap.setParameter(final String name, final Object value) I also ran into this error. I think the problem is the code throws a LoginSignal within a BaseDispatcherServlet. Unlike BaseServlet, BaseDispatcherServlet doesn't catch the LoginSignal performing the redirect. The only way Crag Wolfe and I have found to get https/ssl working is to edit the requiresLogin method in com.arsdigita.kernel.security.DefaultSecurityHelper to always return false. Not sure why yet. When we did the SSL patches for Hereford, we found the 'requiresLogin' method of SecurityHelper to be problematic too. The whole concept of having a single site-wide class that can decide whether a page requires login or not is the wrong level of granularity - the need for login or otherwise is a per-application requirement. As you see the DefaultSecurityHelper has different behaviour when running under SSL which causes problems & exposes bugs in other places. Thus we removed use of the 'requiresLogin' method from UserContext.java class. Making it always 'return false' has the same effect, since then the conditional in UserContext reduces from if (Util.getSecurityHelper().requiresLogin(m_req)) to if (false) I used the fix suggested by Dan for the FTVI branch (6.0). The changelist is 43792. |