ICEfaces
  1. ICEfaces
  2. ICE-2119

ServletEnvironmentRequest wraps only the frist HttpServletRequest in session

          Details

          • Type: Bug Bug
          • Status: Closed
          • Priority: Major Major
          • Resolution: Fixed
          • Affects Version/s: 1.6.1
          • Fix Version/s: 1.6.2, 1.7DR#3, 1.7
          • Component/s: None
          • Labels:
            None
          • Environment:
            Windows XP SP2
            Java 1.5
            WebLogic 9.2

            Description

            ServletEnvironmentRequest wraps only the frist HttpServletRequest in session, and from this came the problem of using isUserInRole from ExternalContext
            when using JAAS security (not Acegi).
            I've observed that when in web.xml I add login-config with auth-method set to BASIC IceFaces wraps in ServletEnvironmentRequest first request which is simply a request to access an application without loaded users roles. After this first reqest server sends information about authorization, and if it success the second requst will have all information about roles and pricipals.
            I thinkt that even wrapping only the frist request won't causes this bug it should be always actualized, so developer can access current request not the one from starting the session.
            1. Text File
              patch.txt
              1 kB
              Marcin Dabrowski

              Activity

              Repository Revision Date User Message
              ICEsoft Public SVN Repository #15048 Tue Oct 30 14:57:36 MDT 2007 mircea.toma Introduce abstraction (AuthenticationVerifier) backed by JAAS or ACEGI implementations. JAAS implementation uses the active request to check user's role.
              ICE-2119
              Files Changed
              Commit graph MODIFY /icefaces/branches/icefaces-1.6/icefaces/core/src/com/icesoft/faces/webapp/http/portlet/PortletExternalContext.java
              Commit graph MODIFY /icefaces/branches/icefaces-1.6/icefaces/core/src/com/icesoft/faces/env/AcegiAuthWrapper.java
              Commit graph MODIFY /icefaces/branches/icefaces-1.6/icefaces/core/src/com/icesoft/faces/env/ServletEnvironmentRequest.java
              Commit graph MODIFY /icefaces/branches/icefaces-1.6/icefaces/core/src/com/icesoft/faces/context/View.java
              Commit graph MODIFY /icefaces/branches/icefaces-1.6/icefaces/core/src/com/icesoft/faces/webapp/http/servlet/ServletExternalContext.java
              Commit graph ADD /icefaces/branches/icefaces-1.6/icefaces/core/src/com/icesoft/faces/env/AuthenticationVerifier.java
              Repository Revision Date User Message
              ICEsoft Public SVN Repository #15041 Mon Oct 29 12:11:29 MDT 2007 mircea.toma Introduce abstraction (AuthenticationVerifier) backed by JAAS or ACEGI implementations. JAAS implementation uses the active request to check user's role.
              ICE-2119
              Files Changed
              Commit graph ADD /icefaces/trunk/icefaces/core/src/com/icesoft/faces/env/AuthenticationVerifier.java
              Commit graph MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/servlet/ServletExternalContext.java
              Commit graph MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/env/ServletEnvironmentRequest.java
              Commit graph MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/env/AcegiAuthWrapper.java
              Commit graph MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/context/View.java
              Commit graph MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/portlet/PortletExternalContext.java

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  Marcin Dabrowski
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  0 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: