Bug 794364 (JBEPP-1408)

Summary: In some cases, the very first login to /ecmdemo fails
Product: [JBoss] JBoss Enterprise Portal Platform 5 Reporter: Thomas Heute <theute>
Component: unspecifiedAssignee: Thomas Heute <theute>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: epp-bugs
Target Milestone: ---   
Target Release: 5.2.0.CR03   
Hardware: Unspecified   
OS: Unspecified   
URL: http://jira.jboss.org/jira/browse/JBEPP-1408
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-11-29 10:05:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Thomas Heute 2011-11-28 09:48:36 UTC 
project_key: JBEPP

A) Use attached patch for InitiateLoginServlet (class comes from EPP code) which ensures lazy initialization of longValidity and so it avoid situation that incorrect portal container "portal" is bound to ExoContainerContext thread-local variable. I think this patch should be applied anyway as bounding bad portal container can have other potential side-effects.

Index: component/web/security/src/main/java/org/exoplatform/web/login/InitiateLoginServlet.java
===================================================================
--- component/web/security/src/main/java/org/exoplatform/web/login/InitiateLoginServlet.java    (revision 6031)
+++ component/web/security/src/main/java/org/exoplatform/web/login/InitiateLoginServlet.java    (revision )
@@ -19,6 +19,7 @@
 
 package org.exoplatform.web.login;
 
+import org.exoplatform.container.RootContainer;
 import org.exoplatform.container.web.AbstractHttpServlet;
 import org.exoplatform.web.security.security.AbstractTokenService;
 import org.exoplatform.web.security.security.CookieTokenService;
@@ -53,10 +54,6 @@
    public static final String COOKIE_NAME = "rememberme";
 
    /** . */
-   public static final long LOGIN_VALIDITY =
-           1000 * TicketConfiguration.getInstance(TicketConfiguration.class).getValidityTime();
-
-   /** . */
    private WCIController wciController;
 
    /** . */
@@ -112,7 +109,7 @@
       else
       {
          // WCI authentication
-         servletContainer.login(req, resp, credentials, LOGIN_VALIDITY, wciController.getInitialURI(req));
+         servletContainer.login(req, resp, credentials, getLoginValidity(), wciController.getInitialURI(req));
       }
    }
 
@@ -158,4 +155,9 @@
       }
       return wciController;
    }
+
+   private long getLoginValidity()
+   {
+      return 1000 * TicketConfiguration.getInstance(TicketConfiguration.class).getValidityTime();
-}
+   }
+}


This would also be better to remove the workaround JBEPP-1407
Comment 1 Thomas Heute 2011-11-28 09:48:48 UTC 
Link: Added: This issue is related to JBEPP-1407