geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ivan (JIRA)" <j...@apache.org>
Subject [jira] Updated: (GERONIMO-5662) j_security_check 404 not found against security realm authentication
Date Thu, 04 Nov 2010 02:10:42 GMT

     [ https://issues.apache.org/jira/browse/GERONIMO-5662?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Ivan updated GERONIMO-5662:
---------------------------

    Attachment: ie.txt
                after-ff.txt
                before-ff.txt

I investigated this issue a bit, it is related to cache, but the reason why it works on IE,
not on Firefox is due to the header : if-modified-since
Comparing the request headers, Firefox does post the request as expected, but a header "if-modified-since"
is added, and the server returns Not Modified directly. And with IE, it did not send that
header by default ( need to configure it on the IE -> options ). The reason why adding
the no-store works is that it prevents Firefox adding the "if-modified-since" header. 
In my opinion, the root cause is that we failed to recover the stored request in the formauthenticator.

I committed some changes to trunk at rev.1030801


> j_security_check 404 not found against security realm authentication
> --------------------------------------------------------------------
>
>                 Key: GERONIMO-5662
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-5662
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: console
>    Affects Versions: 3.0
>         Environment: OS:Windows XP SP3
> Java Version: 1.6.0_20
> Server:Geronimo 3.0-SNAPSHOT 
>            Reporter: Zhen Zhang
>            Assignee: viola.lu
>            Priority: Minor
>             Fix For: 3.0
>
>         Attachments: after-ff.txt, before-ff.txt, G5662.patch, G5662_New.patch, ie.txt,
VerifyReplaceDefaultSecurityRealm-SEC001.zip
>
>
> setps to recur:
> 1. start the Geronimo server, and then open the admin console. 
> 2.In security realms portlet, click on "Add new security realm" link.
> 3.Select realm name and use "test-prop-file-realm" for realm-name, and then select Properties
File Realm and click on "Next" button.
>   
> 4.Enter Users File URI (var/security/users.properties) and Groups File URI ( var/security/groups.properties)
and click on "Next" button.
>   
> 5.Click on "Skip Test and Deploy" button.
> 6. Check the  realm named  "test-prop-file-realm"  should be listed in the security realms
portlet.
> 7.Deploy geronimo-ldap-demo-1.1.war using plan file prop-file-realm-tester.xml and access
the application at http://localhost:8080/prop-file-realm-test
> 8.Access "Protect" link to verify that the realm is functional.Input  username:system,
password: manager
> 9.Login page just refreshed, not redirect to /protect/hello.html  success page. And click
"login" again, got an 404 not found error. This problem exists on Firefox and chrome, fine
on IE

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message