Bug 739803 - Clicking 'Translate' when not authenticated displays generic error
Clicking 'Translate' when not authenticated displays generic error
Status: CLOSED CURRENTRELEASE
Product: Zanata
Classification: Community
Component: Component-UI (Show other bugs)
1.4
Unspecified Unspecified
unspecified Severity low
: Sprint-27
: ---
Assigned To: David Mason
Ding-Yi Chen
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2011-09-20 01:01 EDT by David Mason
Modified: 2011-10-28 03:35 EDT (History)
2 users (show)

See Also:
Fixed In Version: 1.4-alpha-2-SNAPSHOT (20110922-1647)
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-10-28 03:35:28 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Mason 2011-09-20 01:01:56 EDT
Description of problem:

If a user logs out or their login times out, but they click a 'Translate' link (on a page that has not refreshed), a white page with "An unexpected Error occurred: 500 The call failed on the server; see server log for details" only.


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.Sign in
2.Navigate to a project page that has a 'Translate' link
3.Open another zanata window and click 'Sign Out'
4.Return to page with 'Translate' link and click it


  
Actual results:
New white page with small text "An unexpected Error occurred: 500 The call failed on the server; see server log for details"



Expected results:
User directed to sign-in page, +/- shown a 'you are not logged in' error.


Additional info:
Stack trace on server:

14:58:48,301 ERROR [[/zanata]] Exception while dispatching incoming RPC call
com.google.gwt.user.client.rpc.SerializationException: Type 'java.lang.SecurityException' was not included in the set of types which can be serialized by this SerializationPolicy or its Class object could not be loaded. For security purposes, this type will not be serialized.: instance = java.lang.SecurityException: Blocked action without session id (CSRF attack?)
	at com.google.gwt.user.server.rpc.impl.ServerSerializationStreamWriter.serialize(ServerSerializationStreamWriter.java:614)
	at com.google.gwt.user.client.rpc.impl.AbstractSerializationStreamWriter.writeObject(AbstractSerializationStreamWriter.java:126)
	at com.google.gwt.user.server.rpc.impl.ServerSerializationStreamWriter$ValueWriter$8.write(ServerSerializationStreamWriter.java:152)
	at com.google.gwt.user.server.rpc.impl.ServerSerializationStreamWriter.serializeValue(ServerSerializationStreamWriter.java:534)
	at com.google.gwt.user.server.rpc.RPC.encodeResponse(RPC.java:616)
	at com.google.gwt.user.server.rpc.RPC.encodeResponseForFailure(RPC.java:390)
	at com.google.gwt.user.server.rpc.RPC.encodeResponseForFailure(RPC.java:368)
	at org.jboss.seam.remoting.gwt.GWTService.RPC_invokeAndEncodeResponse(GWTService.java:570)
	at org.jboss.seam.remoting.gwt.GWTService.processCall(GWTService.java:206)
	at org.jboss.seam.remoting.gwt.GWTService$1.process(GWTService.java:120)
	at org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:53)
	at org.jboss.seam.remoting.gwt.GWTService.getResource(GWTService.java:105)
	at org.jboss.seam.servlet.SeamResourceServlet.service(SeamResourceServlet.java:80)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:164)
	at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:141)
	at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:90)
	at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:406)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:73)
	at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
	at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:206)
	at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
	at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:388)
	at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:515)
	at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
	at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:60)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
	at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
	at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
	at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
	at java.lang.Thread.run(Thread.java:662)
Comment 2 David Mason 2011-09-22 03:15:17 EDT
Fix also includes updated style for webtrans errors. To see this:

1. sign in and open a workspace
2. add some random letters to the value after "project=" in the url to make an invalid project name
3. navigate to the modified url

Actual results:
Error is now easy to see and looks like an error.
Comment 3 David Mason 2011-09-22 03:19:06 EDT
added hours worked
Comment 4 Ding-Yi Chen 2011-09-22 20:01:14 EDT
VERIFIED with Zanata version 1.4-alpha-2-SNAPSHOT (20110922-1647)

Note You need to log in before you can comment on or make changes to this bug.