[jira] [Updated] (WICKET-5140) InterceptData never gets cleared from session after continueToOriginalDestination is called and another page is requested afterwards

Fri, 26 Apr 2013 08:08:16 -0700 

     [ 
https://issues.apache.org/jira/browse/WICKET-5140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Martin Grigorov updated WICKET-5140:
------------------------------------

    Fix Version/s: 1.5.11
    
> InterceptData never gets cleared from session after 
> continueToOriginalDestination is called and another page is requested 
> afterwards
> ------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WICKET-5140
>                 URL: https://issues.apache.org/jira/browse/WICKET-5140
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>    Affects Versions: 1.5.10
>            Reporter: Dirk Forchel
>            Assignee: Martin Grigorov
>            Priority: Critical
>             Fix For: 6.8.0, 1.5.11
>
>
> We have the same problem as earlier described by Chris in WICKET-4500:
> "The above fix is great but we've run into another problem. If an admin user 
> attempts to go to a restricted page and gets redirected via a 
> RedirectToInterceptException but then decides not to log on but then goes to 
> the normal home page authentication and then successfully logs on as a 
> standard user that authentication will redirect to where the admin initially 
> wanted to go to - because they never authenticated as admin 
> continueToOriginalDestination was never called and so Wicket still thinks 
> that when continueToOriginalDestination is called after the standard user's 
> authentication that it needs to redirect to the original admin page... fun!
> Would it be possible to introduce an explicit 'clearRedirect' method so that 
> when the home page does a RestartResponseException to redirect to the 
> standard user authentication page it can, at the same time, do a 
> 'clearRedirect' so that a subsequent call to continueToOriginalDestination 
> does not attempt to go to the admin page.
> I can't remove the continueToOriginalDestination from the standard user 
> authentication page because it is still required to perform a continue when 
> it was reached by a RedirectToIntercepException from restricted pages other 
> than the home page. "

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to