Bug 739803

Summary:	Clicking 'Translate' when not authenticated displays generic error
Product:	[Retired] Zanata	Reporter:	David Mason <damason>
Component:	Component-UI	Assignee:	David Mason <damason>
Status:	CLOSED CURRENTRELEASE	QA Contact:	Ding-Yi Chen <dchen>
Severity:	low	Docs Contact:
Priority:	unspecified
Version:	1.4	CC:	sflaniga, zanata-bugs
Target Milestone:	Sprint-27
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	1.4-alpha-2-SNAPSHOT (20110922-1647)	Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2011-10-28 07:35:28 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:

Description David Mason 2011-09-20 05:01:56 UTC

Description of problem:

If a user logs out or their login times out, but they click a 'Translate' link (on a page that has not refreshed), a white page with "An unexpected Error occurred: 500 The call failed on the server; see server log for details" only.


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.Sign in
2.Navigate to a project page that has a 'Translate' link
3.Open another zanata window and click 'Sign Out'
4.Return to page with 'Translate' link and click it


  
Actual results:
New white page with small text "An unexpected Error occurred: 500 The call failed on the server; see server log for details"



Expected results:
User directed to sign-in page, +/- shown a 'you are not logged in' error.


Additional info:
Stack trace on server:

14:58:48,301 ERROR [[/zanata]] Exception while dispatching incoming RPC call
com.google.gwt.user.client.rpc.SerializationException: Type 'java.lang.SecurityException' was not included in the set of types which can be serialized by this SerializationPolicy or its Class object could not be loaded. For security purposes, this type will not be serialized.: instance = java.lang.SecurityException: Blocked action without session id (CSRF attack?)
	at com.google.gwt.user.server.rpc.impl.ServerSerializationStreamWriter.serialize(ServerSerializationStreamWriter.java:614)
	at com.google.gwt.user.client.rpc.impl.AbstractSerializationStreamWriter.writeObject(AbstractSerializationStreamWriter.java:126)
	at com.google.gwt.user.server.rpc.impl.ServerSerializationStreamWriter$ValueWriter$8.write(ServerSerializationStreamWriter.java:152)
	at com.google.gwt.user.server.rpc.impl.ServerSerializationStreamWriter.serializeValue(ServerSerializationStreamWriter.java:534)
	at com.google.gwt.user.server.rpc.RPC.encodeResponse(RPC.java:616)
	at com.google.gwt.user.server.rpc.RPC.encodeResponseForFailure(RPC.java:390)
	at com.google.gwt.user.server.rpc.RPC.encodeResponseForFailure(RPC.java:368)
	at org.jboss.seam.remoting.gwt.GWTService.RPC_invokeAndEncodeResponse(GWTService.java:570)
	at org.jboss.seam.remoting.gwt.GWTService.processCall(GWTService.java:206)
	at org.jboss.seam.remoting.gwt.GWTService$1.process(GWTService.java:120)
	at org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:53)
	at org.jboss.seam.remoting.gwt.GWTService.getResource(GWTService.java:105)
	at org.jboss.seam.servlet.SeamResourceServlet.service(SeamResourceServlet.java:80)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:164)
	at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:141)
	at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:90)
	at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:406)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:73)
	at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
	at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:206)
	at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
	at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:388)
	at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:515)
	at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
	at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:60)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
	at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
	at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
	at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
	at java.lang.Thread.run(Thread.java:662)

Comment 1 David Mason 2011-09-22 07:08:32 UTC

Fixed in 1.4 and 1.5 https://github.com/zanata/zanata/compare/09ed9d8d6e2bc72de98782852bffcdd4523c8b6b...738c515ba58a8b8b1228267ec05489de719caab0

Comment 2 David Mason 2011-09-22 07:15:17 UTC

Fix also includes updated style for webtrans errors. To see this:

1. sign in and open a workspace
2. add some random letters to the value after "project=" in the url to make an invalid project name
3. navigate to the modified url

Actual results:
Error is now easy to see and looks like an error.

Comment 3 David Mason 2011-09-22 07:19:06 UTC

added hours worked

Comment 4 Ding-Yi Chen 2011-09-23 00:01:14 UTC

VERIFIED with Zanata version 1.4-alpha-2-SNAPSHOT (20110922-1647)