incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Juan Pablo Santos Rodríguez (JIRA) <j...@apache.org>
Subject [jira] [Commented] (JSPWIKI-691) Navigation to ./admin/Admin.jsp with a non-authorized user redirects to a blank ./Message.jsp
Date Tue, 10 May 2011 11:52:03 GMT

    [ https://issues.apache.org/jira/browse/JSPWIKI-691?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13031131#comment-13031131
] 

Juan Pablo Santos Rodríguez commented on JSPWIKI-691:
-----------------------------------------------------

According to http://old.nabble.com/Validation-errors-lost-on-Redirect-Resolution-to-ActionBean-td18634092.html
RedirectResolution overwrites the action bean throwing away it's data.

I've made a quick-n-dirty test, changing lines 217-221 from LoginActionBean to:

{noformat}
    // If user got here and is already authenticated, it means
    // they just aren't allowed access to what they asked for.
    // Weepy tears and hankies all 'round.
    if( getContext().getWikiSession().isAuthenticated() )
    {
        errors.addGlobalError( new LocalizableError( "login.error.noaccess" ) );
        getContext().getMessages().add( new LocalizableMessage( "login.error.noaccess" ) );
        return new ForwardResolution( MessageActionBean.class );
    }
{noformat}

and, in Message.jsp:
{noformat}
<%@ taglib uri="http://jakarta.apache.org/jspwiki.tld" prefix="wiki" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %>
<%@ taglib uri="http://stripes.sourceforge.net/stripes.tld" prefix="s" %>
<%@ page errorPage="/Error.jsp" %>
<div class="error">
  <c:out value="${message}" />
  <s:messages/>
  <s:errors/>
</div>
<br clear="all" />
{noformat}

Using a ForwardResolution instead of a RedirectResolution makes getContext().getMessages()
available in MessageActionBean, so <s:messages/> works, but doesn't make getContext().getValidationErrors()
available, so <s:errors /> doesn't work. I can't have a look right now to see why errors
aren't getting into MessageActionBean, so I don't know if this would be the right approach
:-?

hth,
juan pablo



> Navigation to ./admin/Admin.jsp with a non-authorized user redirects to a blank ./Message.jsp
> ---------------------------------------------------------------------------------------------
>
>                 Key: JSPWIKI-691
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-691
>             Project: JSPWiki
>          Issue Type: Bug
>    Affects Versions: 3.0
>            Reporter: Juan Pablo Santos Rodríguez
>            Priority: Minor
>
> Navigation to ./admin/Admin.jsp with a non-authorized user redirects to a blank ./Message.jsp,
whereas in 2.8 you're redirected to error screen.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message