From: "Greg Huber (JIRA)"
To: commits@roller.apache.org
Reply-To: dev@roller.apache.org
Date: Tue, 16 Jun 2009 06:43:07 -0700 (PDT)
Subject: [jira] Created: (ROL-1818) Testing login with https switched on
Message-ID: <2074436220.1245159787408.JavaMail.jira@brutus>

Testing login with https switched on
------------------------------------

                 Key: ROL-1818
                 URL: https://issues.apache.org/jira/browse/ROL-1818
             Project: Roller
          Issue Type: Test
          Components: User Interface - General
    Affects Versions: 5.0
            Reporter: Greg Huber
            Assignee: Roller Unassigned
            Priority: Minor

Hello,

I have noticed that on the login when https is switched on, every now and then we get an access denied page after logging on, thrown from the UISecurityInterceptor:

    User authenticatedUser = ((UIAction) theAction).getAuthenticatedUser();
    if (authenticatedUser == null) {
        log.debug("DENIED: required user not found");
        return "access-denied";
    }

because the getAuthenticatedUser(); is null, and tracing this back the request.getUserPrincipal(); from the rollersession is null.

It seems to be something when the session is switched over from https back to http, as it does not happen when the https is off. I have tried to do some debugging but have not been able to pinpoint where it goes wrong as it's not consistent. Also, if the session times out (tomcat), sometimes the login does not work, with the same access-denied page.

Stranger, if there is code in the SchemeEnforcementFilter for the https, i.e. always a session, it does not happen (as yet!).

    HttpSession session = req.getSession(false);
    if (session == null) {
        session = req.getSession(true);
    }

Further investigation is needed on this.

Cheers
Greg

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.