InterceptData never cleared from session after continueToOriginalDestination is 
called
--------------------------------------------------------------------------------------

                 Key: WICKET-4500
                 URL: https://issues.apache.org/jira/browse/WICKET-4500
             Project: Wicket
          Issue Type: Bug
          Components: wicket
    Affects Versions: 1.5.5, 1.5.6
         Environment: Tomcat 6.0.29
Linux or Windows (happens on both)
            Reporter: Chris Colman
         Attachments: continueDestinationNotCleared.zip

We have a scenario where a single person can log in under different accounts on 
the same website. Different user types will typically go to different page 
types.

A single person using different accounts is not normally required but we are 
demonstrating to corporate clients how the system will be used by different 
user types. In the demonstration we need to log in as an 'admin' user to demo 
the admin aspects and then we need to log in as a 'standard' user to 
demonstrate the aspects that will apply to a standard user.

The admin page uses RedirectToInterceptException to redirect to the 
authentication page if no one is logged in.
 
The standard page uses the home page to authenticate and throws new 
RestartResponseException(new AuthenticatePage(parameters)) if no one is 
authenticated (i.e. no intercept)

After authentication we either continue or go to the 'default' page for a 
standard user.

 

Code looks like this:

    if ( authenticationSucceeded )
    {
        if ( !continueToOriginalDestination() )
        {
            // Was not redirected to this authentication page so go to
            // default destination for the home page

            // Find default page for standard users and go to that page
        }
    }

What we find is that after an admin log on (with intercept/continue sequence) a 
subsequent standard user log on will not execute the above body because 
continueToOriginalDestination returns 'true' even though this page was not an 
intercept page. 

It looks like after an intercept/continue has occurred it does not clear the 
'original destination' attribute and so a subsequent call to 
continueToOriginalDestination will return true when it should really return 
false.

The quickstart demonstrates the problem:

Point browser to localhost/app/landing

Click 'logon'
Click 'Click to continue' - each time you click continueToOriginalDestination 
is called which successfully does a continue as evidenced by the page counter 
incrementing. 

If running in a debugger set a break point on 
RestartResponseAtInterceptPageException.InterceptData.clear().
Restart the app and then click on 'logon' and you will never see the clear 
method executed.



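Added example, not part of the original report and not Wicket source: a simplified model of the logon sequence described above, comparing intercept data that is only read with intercept data that is removed when it is used. The class, method and attribute names and the page paths are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of session-held intercept data (hypothetical names, not Wicket code).
public class InterceptDemo {
    static final String KEY = "interceptData"; // hypothetical session attribute

    // Minimal stand-in for an HTTP session shared by successive logons.
    static class Session {
        final Map<String, String> attrs = new HashMap<>();
        String landedOn;
    }

    // A protected page stores its own URL before sending the user to authenticate.
    static void intercept(Session s, String originalUrl) {
        s.attrs.put(KEY, originalUrl);
    }

    // clearAfterUse=false models the reported behaviour (data read, never cleared);
    // clearAfterUse=true removes the stored destination as soon as it is consumed.
    static boolean continueToOriginalDestination(Session s, boolean clearAfterUse) {
        String url = clearAfterUse ? s.attrs.remove(KEY) : s.attrs.get(KEY);
        if (url == null) {
            return false;
        }
        s.landedOn = url;
        return true;
    }

    // Mirrors the snippet in the report: fall back to a default page only
    // when there is no original destination to continue to.
    static String logon(Session s, String defaultPage, boolean clearAfterUse) {
        if (!continueToOriginalDestination(s, clearAfterUse)) {
            s.landedOn = defaultPage;
        }
        return s.landedOn;
    }

    public static void main(String[] args) {
        for (boolean clearAfterUse : new boolean[] {false, true}) {
            Session s = new Session();
            intercept(s, "/admin"); // admin page intercepts to the authentication page
            String admin = logon(s, "/admin/home", clearAfterUse);
            // Standard user authenticates from the home page: no intercept this time.
            String standard = logon(s, "/standard/home", clearAfterUse);
            System.out.println("clearAfterUse=" + clearAfterUse
                    + " admin->" + admin + " standard->" + standard);
        }
    }
}
```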