wicket-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Martin Grigorov (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (WICKET-5140) InterceptData never gets cleared from session after continueToOriginalDestination is called and another page is requested afterwards
Date Fri, 26 Apr 2013 15:08:15 GMT

     [ https://issues.apache.org/jira/browse/WICKET-5140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Martin Grigorov updated WICKET-5140:
------------------------------------

    Fix Version/s: 1.5.11
    
> InterceptData never gets cleared from session after continueToOriginalDestination is
called and another page is requested afterwards
> ------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WICKET-5140
>                 URL: https://issues.apache.org/jira/browse/WICKET-5140
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>    Affects Versions: 1.5.10
>            Reporter: Dirk Forchel
>            Assignee: Martin Grigorov
>            Priority: Critical
>             Fix For: 6.8.0, 1.5.11
>
>
> We have the same problem as earlier described by Chris in WICKET-4500:
> "The above fix is great but we've run into another problem. If an admin user attempts
to go to a restricted page and gets redirected via a RedirectToInterceptException but then
decides not to log on but then goes to the normal home page authentication and then successfully
logs on as a standard user that authentication will redirect to where the admin initially
wanted to go to - because they never authenticated as admin continueToOriginalDestination
was never called and so Wicket still thinks that when continueToOriginalDestination is called
after the standard user's authentication that it needs to redirect to the original admin page...
fun!
> Would it be possible to introduce an explicit 'clearRedirect' method so that when the
home page does a RestartResponseException to redirect to the standard user authentication
page it can, at the same time, do a 'clearRedirect' so that a subsequent call to continueToOriginalDestination
does not attempt to go to the admin page.
> I can't remove the continueToOriginalDestination from the standard user authentication
page because it is still required to perform a continue when it was reached by a RedirectToIntercepException
from restricted pages other than the home page. "

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message