739803 – Clicking 'Translate' when not authenticated displays generic error

Bug 739803 - Clicking 'Translate' when not authenticated displays generic error

Summary: Clicking 'Translate' when not authenticated displays generic error

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Zanata
Classification:	Retired
Component:	Component-UI
Sub Component:
Version:	1.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	low
Target Milestone:	Sprint-27
Target Release:	---
Assignee:	David Mason
QA Contact:	Ding-Yi Chen
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-09-20 05:01 UTC by David Mason
Modified:	2011-10-28 07:35 UTC (History)
CC List:	2 users (show)
Fixed In Version:	1.4-alpha-2-SNAPSHOT (20110922-1647)
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2011-10-28 07:35:28 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description David Mason 2011-09-20 05:01:56 UTC

Description of problem:

If a user logs out or their login times out, but they click a 'Translate' link (on a page that has not refreshed), a white page with "An unexpected Error occurred: 500 The call failed on the server; see server log for details" only.


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.Sign in
2.Navigate to a project page that has a 'Translate' link
3.Open another zanata window and click 'Sign Out'
4.Return to page with 'Translate' link and click it


  
Actual results:
New white page with small text "An unexpected Error occurred: 500 The call failed on the server; see server log for details"



Expected results:
User directed to sign-in page, +/- shown a 'you are not logged in' error.


Additional info:
Stack trace on server:

14:58:48,301 ERROR [[/zanata]] Exception while dispatching incoming RPC call
com.google.gwt.user.client.rpc.SerializationException: Type 'java.lang.SecurityException' was not included in the set of types which can be serialized by this SerializationPolicy or its Class object could not be loaded. For security purposes, this type will not be serialized.: instance = java.lang.SecurityException: Blocked action without session id (CSRF attack?)
	at com.google.gwt.user.server.rpc.impl.ServerSerializationStreamWriter.serialize(ServerSerializationStreamWriter.java:614)
	at com.google.gwt.user.client.rpc.impl.AbstractSerializationStreamWriter.writeObject(AbstractSerializationStreamWriter.java:126)
	at com.google.gwt.user.server.rpc.impl.ServerSerializationStreamWriter$ValueWriter$8.write(ServerSerializationStreamWriter.java:152)
	at com.google.gwt.user.server.rpc.impl.ServerSerializationStreamWriter.serializeValue(ServerSerializationStreamWriter.java:534)
	at com.google.gwt.user.server.rpc.RPC.encodeResponse(RPC.java:616)
	at com.google.gwt.user.server.rpc.RPC.encodeResponseForFailure(RPC.java:390)
	at com.google.gwt.user.server.rpc.RPC.encodeResponseForFailure(RPC.java:368)
	at org.jboss.seam.remoting.gwt.GWTService.RPC_invokeAndEncodeResponse(GWTService.java:570)
	at org.jboss.seam.remoting.gwt.GWTService.processCall(GWTService.java:206)
	at org.jboss.seam.remoting.gwt.GWTService$1.process(GWTService.java:120)
	at org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:53)
	at org.jboss.seam.remoting.gwt.GWTService.getResource(GWTService.java:105)
	at org.jboss.seam.servlet.SeamResourceServlet.service(SeamResourceServlet.java:80)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:164)
	at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:141)
	at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:90)
	at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:406)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:73)
	at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
	at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:206)
	at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
	at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:388)
	at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:515)
	at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
	at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:60)
	at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
	at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
	at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
	at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
	at java.lang.Thread.run(Thread.java:662)

Comment 1 David Mason 2011-09-22 07:08:32 UTC

Fixed in 1.4 and 1.5 https://github.com/zanata/zanata/compare/09ed9d8d6e2bc72de98782852bffcdd4523c8b6b...738c515ba58a8b8b1228267ec05489de719caab0

Comment 2 David Mason 2011-09-22 07:15:17 UTC

Fix also includes updated style for webtrans errors. To see this:

1. sign in and open a workspace
2. add some random letters to the value after "project=" in the url to make an invalid project name
3. navigate to the modified url

Actual results:
Error is now easy to see and looks like an error.

Comment 3 David Mason 2011-09-22 07:19:06 UTC

added hours worked

Comment 4 Ding-Yi Chen 2011-09-23 00:01:14 UTC

VERIFIED with Zanata version 1.4-alpha-2-SNAPSHOT (20110922-1647)

Note You need to log in before you can comment on or make changes to this bug.