Details
-
Type: Bug
-
Status: Closed
-
Priority: Major
-
Resolution: Fixed
-
Affects Version/s: 2.0-Beta1
-
Fix Version/s: 2.0.0
-
Component/s: Bridge
-
Labels:None
-
Environment:ICEfaces 2.0, form-based authentication
-
Workaround Exists:Yes
-
Workaround Description:Add dispose-window.icefaces.jsf to the Unsecured constraint.
Description
When "Form Based" authentication is used, using contained based validation via "j_security_check", once the user logs in, the page is redirected to "http://xxxxxx/yy/dispose-window.icefaces.jsf, URL instead of the original request.
Activity
Repository | Revision | Date | User | Message |
ICEsoft Public SVN Repository | #22437 | Mon Sep 27 13:23:24 MDT 2010 | ted.goddard | patch for |
Files Changed | ||||
ADD
/icefaces2/scratchpads/patches/ICE-6071
|
Repository | Revision | Date | User | Message |
ICEsoft Public SVN Repository | #22438 | Mon Sep 27 13:30:43 MDT 2010 | ted.goddard | disabled dispose-window for customer evaluation ( |
Files Changed | ||||
MODIFY
/icefaces2/scratchpads/patches/ICE-6071/icefaces/core/src/main/javascript/application.js
|
Ted Goddard
created issue -
Tyler Johnson
made changes -
Field | Original Value | New Value |
---|---|---|
Salesforce Case | [5007000000DZ3qN] |
Ted Goddard
made changes -
Component/s | Bridge [ 10011 ] | |
Fix Version/s | 2.0.0 [ 10230 ] | |
Affects Version/s | 2.0-Beta1 [ 10231 ] | |
Assignee | Ted Goddard [ ted.goddard ] |
Ted Goddard
made changes -
Workaround Description | Add dispose-window.icefaces.jsf to the Unsecured constraint. | |
Workaround Exists | [Yes] |
Ken Fyten
made changes -
Status | Open [ 1 ] | Resolved [ 5 ] |
Resolution | Fixed [ 1 ] |
Ken Fyten
made changes -
Status | Resolved [ 5 ] | Closed [ 6 ] |
The patch checked in for this bug is not intended to be a final version, just a simple way to evaluate if the application is functional with dispose-window deactivated. If the application does not use push or window scope, there should be no drawback.
One strategy would be to use a standard postback for dispose-window rather than the custom "resource". This would cause the URL to be unchanged, however, might also result in unintentional redirection to the current page after login.
Another technique would be to disable dispose-window after the browser receives a session-expired. This would only work in push applications, though.