1025763 – Login page with invalid credentials message remains displayed even after successfull login

Bug 1025763 - Login page with invalid credentials message remains displayed even after successfull login

Summary: Login page with invalid credentials message remains displayed even after succ...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	JBoss BPMS Platform 6
Classification:	Retired
Component:	BAM
Sub Component:
Version:	6.0.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	high
Target Milestone:	ER5
Target Release:	6.0.0
Assignee:	Roger Martínez
QA Contact:	Jan Hrcek
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-11-01 13:40 UTC by Jan Hrcek
Modified:	2014-08-06 20:08 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: Invalid redirection when login failed. Consequence: User was never redirected to home page. Fix: Change the redirect URL when login failed. Result: User is redirected to home page after a failed and successful login.
Clone Of:
Environment:
Last Closed:	2014-08-06 20:08:34 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)
Steps to reproduce - video (1.21 MB, video/webm) 2013-11-01 13:40 UTC, Jan Hrcek	no flags	Details
View All

Description Jan Hrcek 2013-11-01 13:40:03 UTC

Created attachment 818293 [details]
Steps to reproduce - video

Description of problem:
When you login with invalid credentials, you get a page with 'Login failed: Invalid UserName or Password'. When, after that, you enter correct credentials on that same page, the application stays on the page with error and does not take you to home page. The only way to navigate to homepage after that is to delete end of URL after 'dashbuilder'

Version-Release number of selected component (if applicable):
BPMS 6.0.0 ER4

How reproducible:
always

Steps to Reproduce:
1. go to dashbuilder login page
2. enter invalid credentials and click log in (you shoud get error message)
3. while still on the same page, enter VALID credentials and click login

Actual results:
You remain on the login page with error displayed. To get to login page you have to erase part of URL followin root context 'dashbuilder'.

Expected results:
After entering valid credentials you should be logged in successfully.

Additional info:
Observe the steps to reproduce in video. In the video I first login with nonexistent user - error is displayed - then I login with correct user - error still displayed - to get to homepage i must edit URL

Comment 1 Roger Martínez 2013-11-04 21:21:12 UTC

I can reproduce it in the last master branch version, but:

- It does NOT fail in standalone demo mode (jetty).
- It fails using the AS7 distribution (EAP)
- I cannot try if it fails in tomcat due to this reported BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1026516

So, I'm fixing it for the AS7 distribution (dashbuilder-jboss-as7.war).

Comment 2 Roger Martínez 2013-11-05 18:04:19 UTC

The problem was due to the login form authentication strategy. 

Dashbulder defines a login error page that redirect to login.jsp (adding a custom login failed message), when login is failed. 

So, the container is always reidrecting to login.jsp after a failed login.

To fix it, login error page is now redirecting to context root path, so when the user login to the application with the correct credentials, he's redirected to the home page.

This issue was only happening in EAP, not in jetty, so another option is that EAP form login implenentation is not correct... IDK. Anyway, this issue is resolved and working now.

Thanks

Commits - master
================

- https://github.com/droolsjbpm/dashboard-builder/commit/bb41824b0ca091c29255952d157ed1ee6d9f9cbf

Commits - 6.0.X
================

- https://github.com/droolsjbpm/dashboard-builder/commit/a5009ae3110456ee206f4bd50af6efbc2908e8ff

Comment 3 Jan Hrcek 2013-11-29 12:38:11 UTC

Verified with BPMS 6.0.0 ER5 deployed on EAP 6.1.1

Note You need to log in before you can comment on or make changes to this bug.