[ 
https://issues.apache.org/jira/browse/ROL-1818?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Glen Mazza closed ROL-1818.
---------------------------
    Resolution: Cannot Reproduce

Greg noted today on the mailing list he hasn't seen this error "for ages" now.  
I believe I was talking about something else in my comment; if it occurs to me 
again, I'll create a new issue with something reproducible.

> Testing login with https switched on
> ------------------------------------
>
>                 Key: ROL-1818
>                 URL: https://issues.apache.org/jira/browse/ROL-1818
>             Project: Apache Roller
>          Issue Type: Test
>          Components: User Interface - General
>    Affects Versions: 5.0
>            Reporter: Greg Huber
>            Assignee: Greg Huber
>            Priority: Minor
>
> Hello, 
> I have noticed that on the login when https is switched on and every now and 
> then we get an access denied page after logging on, thrown from the 
> UISecurityInterceptor:
>     User authenticatedUser = ((UIAction) theAction).getAuthenticatedUser();
>     if (authenticatedUser == null) {
>         log.debug("DENIED: required user not found");
>         return "access-denied";
>     }
> because the getAuthenticatedUser() is null, and tracing this back the 
> request.getUserPrincipal() from the rollersession is null.
> It seems to be something when the session is switched over from https back to 
> http, as it does not happen when the https is off.
> I have tried to do some debugging but have not been able to pinpoint where 
> it goes wrong as it's not consistent.  Also if the session times out (tomcat), 
> sometimes the login does not work with the same access-denied page.
> Stranger, if there is code in the SchemeEnforcementFilter for the https, i.e. 
> always a session, it does not happen (as yet!).
> HttpSession session = req.getSession(false);
> if (session == null) {
>   session = req.getSession(true);
> }
> Further investigation is needed on this.
> Cheers Greg



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
