form based auth and session timeout and post data

Thu, 25 Mar 2004 13:07:52 -0800 

Hi,

 

I've got a struts based app using form based authentication (started out
as xpetstore).

I have a situation where if I'm on a web form protected by role based
security, and the session times out, and then I submit the form, I get
to the login page, login, but then the original form data is lost.

 

According to the log data, it's looking for an ActionForm of a different
name according to whether the session has timed out or not!!!

I thought this stuff was statically configured.

 

When there is no time out, the log looks like this:

2004-03-25 19:40:19,350 INFO  [xpetstore.web.filter.SignOnFilter]
doFilter()

2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter]
user=bug1b

2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter]
isSignedIn=true

2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter]
uri=/MotoringMemorabilia/updateCustomer.jspa

2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter]
_login=/login.jspa

2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] Get
module name for path /updateCustomer.jspa

2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils]
Module name found: default

2004-03-25 19:40:19,350 DEBUG
[org.apache.struts.action.RequestProcessor] Processing a 'POST' for path
'/updateCustomer'

2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils]
Looking for ActionForm bean instance in scope 'request' under attribute
key 'existingCustomerForm'

2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils]
Creating new ActionForm instance of type
'xpetstore.web.struts.action.customer.ExistingCustomerForm'

2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils]  -->
[EMAIL PROTECTED]

2004-03-25 19:40:19,350 DEBUG
[org.apache.struts.action.RequestProcessor]  Storing ActionForm bean
instance in scope 'request' under attribute key 'existingCustomerForm'

2004-03-25 19:40:19,350 DEBUG
[org.apache.struts.action.RequestProcessor]  Populating bean properties
from this request

2004-03-25 19:40:19,360 DEBUG
[org.apache.struts.action.RequestProcessor]  Validating input form
properties

2004-03-25 19:40:19,370 DEBUG
[org.apache.struts.action.RequestProcessor]   No errors detected,
accepting input

2004-03-25 19:40:19,370 DEBUG
[org.apache.struts.action.RequestProcessor]  Looking for Action instance
for class xpetstore.web.struts.action.customer.UpdateCustomerAction

2004-03-25 19:40:19,370 DEBUG
[org.apache.struts.action.RequestProcessor]   Creating new Action
instance

2004-03-25 19:40:19,370 INFO
[xpetstore.web.struts.action.customer.UpdateCustomerAction] execute()

 

 

 

When there is a timeout the log goes like this:

2004-03-25 20:10:56,908 DEBUG [org.apache.struts.util.RequestUtils]
Looking for ActionForm bean instance in scope 'request' under attribute
key 'newCustomerForm'

2004-03-25 20:10:56,908 DEBUG [org.apache.struts.util.RequestUtils]
Creating new ActionForm instance of type
'xpetstore.web.struts.action.customer.NewCustomerForm'

2004-03-25 20:10:56,908 DEBUG [org.apache.struts.util.RequestUtils]  -->
[EMAIL PROTECTED]

2004-03-25 20:10:56,918 DEBUG [org.apache.struts.util.RequestUtils] Get
module name for path /index.jsp

2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils]
Module name found: default

2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get
module name for path /cart.jspa

2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils]
Module name found: default

2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get
module name for path /signon.jspa

2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils]
Module name found: default

2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get
module name for path /search.jspa

2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils]
Module name found: default

2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils]
Looking for ActionForm bean instance in scope 'request' under attribute
key 'searchForm'

2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils]
Creating new ActionForm instance of type
'xpetstore.web.struts.action.product.SearchForm'

2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils]  -->
[EMAIL PROTECTED]

2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get
module name for path /index.jsp

2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils]
Module name found: default

2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get
module name for path /category.jspa?categoryId=SIGNS

 

The relevant action configuration looks like this:

    <action

      path="/updateCustomer"

      type="xpetstore.web.struts.action.customer.UpdateCustomerAction"

      name="existingCustomerForm"

      scope="request"

      input="/myaccount.jsp"

      unknown="false"

      validate="true"

    >

        <set-property

          property="secure"

          value="true"

        />

      <forward

        name="success"

        path="/index.jsp"

        redirect="false"

      />

      <forward

        name="error"

        path="/myaccount.jsp"

        redirect="false"

      />

 

The form that is posted is declared in html like this:

            <form name="existingCustomerForm" method="post"
action="/MotoringMemorabilia/updateCustomer.jspa">

 

I need to understand the interplay between container (form) based
authentication, filters and struts actionservlet.

 

Can anyone shed some light?

 

Thanks

Martin





---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to