Testing login with https switched on
------------------------------------
Key: ROL-1818
URL: https://issues.apache.org/jira/browse/ROL-1818
Project: Roller
Issue Type: Test
Components: User Interface - General
Affects Versions: 5.0
Reporter: Greg Huber
Assignee: Roller Unassigned
Priority: Minor
Hello,
I have noticed that on login, when https is switched on, every now and
then we get an access denied page after logging on, thrown from the
UISecurityInterceptor:
    User authenticatedUser = ((UIAction)theAction).getAuthenticatedUser();
    if(authenticatedUser == null) {
        log.debug("DENIED: required user not found");
        return "access-denied";
    }
because the getAuthenticatedUser(); is null, and tracing this back, the
request.getUserPrincipal(); from the rollersession is null.
It seems to be something when the session is switched over from https back to
http, as it does not happen when the https is off.
I have tried to do some debugging but have not been able to pinpoint where it
goes wrong, as it's not consistent. Also, if the session times out (tomcat),
sometimes the login does not work, with the same access-denied page.
Stranger, if there is code in the SchemeEnforcementFilter for the https, i.e.
always a session, it does not happen (as yet!).
    HttpSession session = req.getSession(false);
    if (session == null) {
        session = req.getSession(true);
    }
Further investigation is needed on this.
Cheers Greg