roller-commits mailing list archives

From "Glen Mazza (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (ROL-1818) Testing login with https switched on
Date Thu, 05 Mar 2015 03:26:40 GMT

     [ https://issues.apache.org/jira/browse/ROL-1818?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Glen Mazza closed ROL-1818.
---------------------------
    Resolution: Cannot Reproduce

Greg noted today on the mailing list he hasn't seen this error "for ages" now.  I believe
I was talking about something else in my comment; if it occurs to me again I'll create a new
issue with something reproducible.

> Testing login with https switched on
> ------------------------------------
>
>                 Key: ROL-1818
>                 URL: https://issues.apache.org/jira/browse/ROL-1818
>             Project: Apache Roller
>          Issue Type: Test
>          Components: User Interface - General
>    Affects Versions: 5.0
>            Reporter: Greg Huber
>            Assignee: Greg Huber
>            Priority: Minor
>
> Hello,
> I have noticed that on the login when https is switched on and every now and then we get an access denied page after logging on, thrown from the UISecurityInterceptor:
>     User authenticatedUser = ((UIAction)theAction).getAuthenticatedUser();
>     if (authenticatedUser == null) {
>         log.debug("DENIED: required user not found");
>         return "access-denied";
>     }
> because the getAuthenticatedUser(); is null, and tracing this back the request.getUserPrincipal(); from the rollersession is null.
> It seems to be something when the session is switched over from https back to http, as it does not happen when the https is off.
> I have tried to do some debugging but have not been able to pinpoint where it goes wrong as it's not consistent.  Also if the session times out (tomcat), sometimes the login does not work with the same access-denied page.
> Stranger, if there is code in the SchemeEnforcementFilter for the https, ie always a session it does not happen (as yet!).
>     HttpSession session = req.getSession(false);
>     if (session == null) {
>         session = req.getSession(true);
>     }
> Further investigation is needed on this.
> Cheers Greg



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
