[
https://issues.apache.org/jira/browse/TAP5-607?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12695840#action_12695840
]
Borut Bolcina commented on TAP5-607:
------------------------------------
At http://tapestry.apache.org/tapestry5/guide/pagenav.html section "URL
response" it states:
"A URL is handled as a client redirect to an external URL."
So this is a client side redirect, which is exactly what I do NOT want because
the Tomcat log files would reveal username and password in plain text which is
not acceptable from security point. I want to perform a server side redirect
(forward) to a non Tapestry page.
> requestDispatcher.forward causes ComponentEventException
> --------------------------------------------------------
>
> Key: TAP5-607
> URL: https://issues.apache.org/jira/browse/TAP5-607
> Project: Tapestry 5
> Issue Type: Bug
> Components: tapestry-core
> Affects Versions: 5.0.18
> Reporter: Borut Bolcina
> Assignee: Howard M. Lewis Ship
>
> I want to forward a request to /j_spring_security_check to authenticate the
> user.
> void onSuccess() {
> logger.info("onSuccess");
>
> Request request = requestGlobals.getRequest();
> String url = request.getContextPath() + checkUrl + "?j_username=" +
> username + "&j_password=" + password;
> logger.info("onSuccess() url="+url);
> RequestDispatcher requestDispatcher =
> requestGlobals.getHTTPServletRequest().getRequestDispatcher(url);
>
> try {
> logger.info("onSuccess() : before forward");
> requestDispatcher.forward(requestGlobals.getHTTPServletRequest(),
> requestGlobals.getHTTPServletResponse());
> logger.info("onSuccess() : after forward");
> } catch (ServletException e) {
> logger.error("ServletException : " + e.getMessage());
> } catch (IOException e) {
> logger.error("IOException : " + e.getMessage());
> }
> }
> Stack trace:
> INFO [27 mar 2009 09:36:49.049] [Login] onSuccess() : after forward
> ERROR [27 mar 2009 09:36:49.064] [DefaultRequestExceptionHandler]
> Processing of request failed with uncaught exception:
> org.apache.tapestry5.runtime.ComponentEventException
> org.apache.tapestry5.runtime.ComponentEventException [at
> classpath:si/najdi/identity/server/pages/Login.tml, line 11, column
> 45]
> at
> org.apache.tapestry5.internal.structure.ComponentPageElementImpl.triggerContextEvent(ComponentPageElementImpl.java:1076)
> at
> org.apache.tapestry5.internal.services.ComponentEventRequestHandlerImpl.handle(ComponentEventRequestHandlerImpl.java:68)
> at
> org.apache.tapestry5.internal.services.ImmediateActionRenderResponseFilter.handle(ImmediateActionRenderResponseFilter.java:42)
> at
> $ComponentEventRequestHandler_1204712d04c.handle($ComponentEventRequestHandler_1204712d04c.java)
> at
> org.apache.tapestry5.internal.services.AjaxFilter.handle(AjaxFilter.java:42)
> at
> $ComponentEventRequestHandler_1204712d04c.handle($ComponentEventRequestHandler_1204712d04c.java)
> at
> org.apache.tapestry5.services.TapestryModule$44.handle(TapestryModule.java:2105)
> at
> $ComponentEventRequestHandler_1204712d04c.handle($ComponentEventRequestHandler_1204712d04c.java)
> at
> $ComponentEventRequestHandler_1204712cf9f.handle($ComponentEventRequestHandler_1204712cf9f.java)
> at
> org.apache.tapestry5.internal.services.ComponentEventDispatcher.dispatch(ComponentEventDispatcher.java:127)
> at $Dispatcher_1204712cfa2.dispatch($Dispatcher_1204712cfa2.java)
> at $Dispatcher_1204712cf94.dispatch($Dispatcher_1204712cf94.java)
> at
> org.apache.tapestry5.services.TapestryModule$17.service(TapestryModule.java:1029)
> at
> org.apache.tapestry5.internal.services.LocalizationFilter.service(LocalizationFilter.java:42)
> at
> $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.RequestFilterWrapper$1.doFilter(RequestFilterWrapper.java:60)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.SpringSecurityExceptionTranslationFilter.doFilterHttp(SpringSecurityExceptionTranslationFilter.java:100)
> at
> org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.RequestFilterWrapper.service(RequestFilterWrapper.java:55)
> at
> $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java)
> at
> org.apache.tapestry5.internal.services.RequestErrorFilter.service(RequestErrorFilter.java:26)
> at
> $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java)
> at
> org.apache.tapestry5.services.TapestryModule$3.service(TapestryModule.java:621)
> at
> $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java)
> at
> org.apache.tapestry5.services.TapestryModule$2.service(TapestryModule.java:611)
> at
> $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java)
> at
> org.apache.tapestry5.internal.services.StaticFilesFilter.service(StaticFilesFilter.java:85)
> at
> $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java)
> at
> org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:93)
> at
> org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:84)
> at
> org.apache.tapestry5.ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java:83)
> at
> org.apache.tapestry5.internal.services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java:106)
> at
> $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java)
> at
> $RequestHandler_1204712cf8b.service($RequestHandler_1204712cf8b.java)
> at
> org.apache.tapestry5.services.TapestryModule$16.service(TapestryModule.java:1007)
> at
> org.apache.tapestry5.internal.services.IgnoredPathsFilter.service(IgnoredPathsFilter.java:62)
> at
> $HttpServletRequestFilter_1204712cf8a.service($HttpServletRequestFilter_1204712cf8a.java)
> at
> $HttpServletRequestHandler_1204712cf8c.service($HttpServletRequestHandler_1204712cf8c.java)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:56)
> at
> org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
> at
> org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
> at
> $HttpServletRequestFilter_1204712cf88.service($HttpServletRequestFilter_1204712cf88.java)
> at
> $HttpServletRequestHandler_1204712cf8c.service($HttpServletRequestHandler_1204712cf8c.java)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:56)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.SpringSecurityExceptionTranslationFilter.doFilterHttp(SpringSecurityExceptionTranslationFilter.java:100)
> at
> org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
> at
> $HttpServletRequestHandler_1204712cf8c.service($HttpServletRequestHandler_1204712cf8c.java)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:56)
> at
> org.springframework.security.providers.anonymous.AnonymousProcessingFilter.doFilterHttp(AnonymousProcessingFilter.java:105)
> at
> org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
> at
> $HttpServletRequestFilter_1204712cf87.service($HttpServletRequestFilter_1204712cf87.java)
> at
> $HttpServletRequestHandler_1204712cf8c.service($HttpServletRequestHandler_1204712cf8c.java)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:56)
> at
> org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter.doFilterHttp(SecurityContextHolderAwareRequestFilter.java:91)
> at
> org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
> at
> $HttpServletRequestFilter_1204712cf86.service($HttpServletRequestFilter_1204712cf86.java)
> at
> $HttpServletRequestHandler_1204712cf8c.service($HttpServletRequestHandler_1204712cf8c.java)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:56)
> at
> org.springframework.security.ui.rememberme.RememberMeProcessingFilter.doFilterHttp(RememberMeProcessingFilter.java:109)
> at
> org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
> at
> $HttpServletRequestFilter_1204712cf85.service($HttpServletRequestFilter_1204712cf85.java)
> at
> $HttpServletRequestHandler_1204712cf8c.service($HttpServletRequestHandler_1204712cf8c.java)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:56)
> at
> org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:277)
> at
> org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
> at
> $HttpServletRequestFilter_1204712cf84.service($HttpServletRequestFilter_1204712cf84.java)
> at
> $HttpServletRequestHandler_1204712cf8c.service($HttpServletRequestHandler_1204712cf8c.java)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:56)
> at
> org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
> at
> org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
> at
> $HttpServletRequestFilter_1204712cf83.service($HttpServletRequestFilter_1204712cf83.java)
> at
> $HttpServletRequestHandler_1204712cf8c.service($HttpServletRequestHandler_1204712cf8c.java)
> at
> $HttpServletRequestHandler_1204712cf82.service($HttpServletRequestHandler_1204712cf82.java)
> at
> org.apache.tapestry5.TapestryFilter.doFilter(TapestryFilter.java:179)
> at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1115)
> at
> org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:361)
> at
> org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
> at
> org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
> at
> org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
> at
> org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:417)
> at
> org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
> at
> org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
> at
> org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
> at org.mortbay.jetty.Server.handle(Server.java:324)
> at
> org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:534)
> at
> org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:879)
> at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:741)
> at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:213)
> at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:403)
> at
> org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
> at
> org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:522)
> Caused by: java.util.NoSuchElementException
> at java.util.LinkedList.remove(LinkedList.java:788)
> at java.util.LinkedList.removeFirst(LinkedList.java:134)
> at
> org.apache.tapestry5.internal.services.EnvironmentImpl.pop(EnvironmentImpl.java:83)
> at $Environment_1204712cfe3.pop($Environment_1204712cfe3.java)
> at $Environment_1204712cf6c.pop($Environment_1204712cf6c.java)
> at
> org.apache.tapestry5.corelib.components.Form._$advised$onAction(Form.java:421)
> at
> org.apache.tapestry5.corelib.components.Form$onAction$invocation_1204712de20.invokeAdvisedMethod(Form$onAction$invocation_1204712de20.java)
> at
> org.apache.tapestry5.internal.services.AbstractComponentMethodInvocation.proceed(AbstractComponentMethodInvocation.java:71)
> at
> org.apache.tapestry5.ioc.internal.services.LoggingAdvice.advise(LoggingAdvice.java:37)
> at
> org.apache.tapestry5.internal.transform.LogWorker$1.advise(LogWorker.java:54)
> at
> org.apache.tapestry5.internal.services.AbstractComponentMethodInvocation.proceed(AbstractComponentMethodInvocation.java:80)
> at org.apache.tapestry5.corelib.components.Form.onAction(Form.java)
> at
> org.apache.tapestry5.corelib.components.Form.dispatchComponentEvent(Form.java)
> at
> org.apache.tapestry5.internal.structure.ComponentPageElementImpl.dispatchEvent(ComponentPageElementImpl.java:894)
> at
> org.apache.tapestry5.internal.structure.ComponentPageElementImpl.triggerContextEvent(ComponentPageElementImpl.java:1059)
> ... 97 more
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
