[ https://issues.apache.org/jira/browse/WICKET-4251?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Grigorov updated WICKET-4251:
------------------------------------
Attachment: WICKET-4251.patch
Here is a patch that solves the problem.
Details:
The form is submitted with Ajax via iframe, then Wicket detects that the
session has expired and redirects to the login page and stores the "original
destination" (url and post parameters).
After this redirect the requests are no longer Ajax!
Since there is a "remember me" cookie the login page automatically
re-authenticates and redirects to the original destination (again in a non-Ajax
request). Here we use the stored url and post parameters and try to redirect
but the "wicket-ajax=true" parameter confuses the logic in
ServletWebResponse#sendRedirect() and an XML response (<redirect>...</redirect>)
is generated instead of a normal redirect.
@Igor: I'm assigning the ticket to you to check whether the logic to filter
these special parameters is OK to be there. We already have similar logic in
the UrlInfo class. Maybe this should be extracted in one common place and reused?
Where is this place?!
Another observation: WebRequest.isAjax() is called many times in a request's
lifetime. Is it safe to lazily evaluate this boolean and cache it?
> Multipart Form and AjaxSubmitLink will result in invalid redirect after user
> session expires
> --------------------------------------------------------------------------------------------
>
> Key: WICKET-4251
> URL: https://issues.apache.org/jira/browse/WICKET-4251
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.5.3
> Environment: JDK_1.6_027/Windows/Linux/Explorer/Chrome/Firefox
> Reporter: Tom Rixom
> Assignee: Martin Grigorov
> Attachments: WICKET-4251.patch, myproject.rar
>
>
> Hi,
> I have hit an issue similar to this one:
> https://issues.apache.org/jira/browse/WICKET-3141
> I do not receive any errors from Wicket itself to help clarify, so I will try
> to explain using an example.
> The example below, with which I could recreate the issue, uses the default
> SignInPanel (in my LoginPage.class) and AuthenticatedWebSession to
> authenticate the user and store the session:
>     protected Class<? extends WebPage> getSignInPageClass()
>     {
>         return LoginPage.class;
>     }
> If the authentication is successful then the user is redirected back to the test
> page:
>     protected void onSignInSucceeded() {
>         setResponsePage(Test.class);
>     }
> So far so good. However if I use a form with setMultiPart(true) in
> combination with an AjaxSubmitLink as shown in the following piece of code:
> import org.apache.wicket.ajax.AjaxRequestTarget;
> import org.apache.wicket.ajax.markup.html.form.AjaxSubmitLink;
> import org.apache.wicket.authroles.authorization.strategies.role.annotations.AuthorizeInstantiation;
> import org.apache.wicket.markup.html.WebPage;
> import org.apache.wicket.markup.html.form.Form;
>
> @AuthorizeInstantiation("USER")
> public class Test extends WebPage {
>     public Test()
>     {
>         super();
>
>         final Form testForm = new Form("testForm");
>
>         testForm.setMultiPart(true);
>
>         testForm.add(new AjaxSubmitLink("testButton", testForm) {
>
>             @Override
>             protected void onSubmit(AjaxRequestTarget target, Form form) {
>                 super.onSubmit();
>             }
>
>             @Override
>             protected void onError(AjaxRequestTarget target, Form form) {
>
>             }
>         });
>
>         add(testForm);
>     }
> }
> And have selected the option "Remember credentials" in the SignInPanel,
> clicking on the testButton AFTER the session has expired will result in:
> http://localhost:8080/PaladinWicket/?3-1.IBehaviorListener.0-testForm-testButton&wicket-ajax=true&wicket-ajax-baseurl=.
> which displays this in the browser:
> This XML file does not appear to have any style information associated with
> it. The document tree is shown below.
> <ajax-response>
> <redirect>
> <![CDATA[ .?1 ]]>
> </redirect>
> </ajax-response>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
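
Added example, not part of the original message and not the contents of WICKET-4251.patch: one way to filter the Ajax-only parameters out of a stored "original destination" (URL and POST parameters) before it is replayed in a non-Ajax request. The class and method names are hypothetical; the two parameter names come from the URL quoted in the report.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

// Hypothetical helper for illustration; not a Wicket class and not the attached patch.
public class AjaxParameterFilter {

    // Ajax-only parameter names, as seen in the URL quoted in the report.
    private static final Set<String> AJAX_ONLY =
            new TreeSet<String>(Arrays.asList("wicket-ajax", "wicket-ajax-baseurl"));

    // Drops the Ajax-only parameters from the query string of a stored URL.
    public static String stripFromUrl(String url) {
        int q = url.indexOf('?');
        if (q < 0) {
            return url; // no query string, nothing to filter
        }
        StringBuilder kept = new StringBuilder();
        for (String pair : url.substring(q + 1).split("&")) {
            int eq = pair.indexOf('=');
            String name = (eq < 0) ? pair : pair.substring(0, eq);
            if (pair.isEmpty() || AJAX_ONLY.contains(name)) {
                continue; // skip empty pairs and Ajax markers
            }
            kept.append(kept.length() == 0 ? '?' : '&').append(pair);
        }
        return url.substring(0, q) + kept;
    }

    // Same filter for stored POST parameters (name -> values); input is not modified.
    public static Map<String, String[]> stripFromPost(Map<String, String[]> params) {
        Map<String, String[]> kept = new LinkedHashMap<String, String[]>(params);
        kept.keySet().removeAll(AJAX_ONLY);
        return kept;
    }

    public static void main(String[] args) {
        // Constructed input: the URL from the report, as it would be stored
        // when the session expired during the Ajax submit.
        String stored = "http://localhost:8080/PaladinWicket/"
                + "?3-1.IBehaviorListener.0-testForm-testButton"
                + "&wicket-ajax=true&wicket-ajax-baseurl=.";
        System.out.println(stripFromUrl(stored));
    }
}
```

The comparison is on raw parameter names, so a percent-encoded spelling of either name would not be matched; decode names first if the stored URL can contain them.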