----- Original Message ----- From: "ThomasGrundey" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, June 12, 2003 12:02 PM Subject: Very long URL in portlet causes problems in the security mechanism
> I have several JSP Portlets build in the following way: > > 1. A portlet has a FORM entry like > > <FORM method=GET action="<jetspeed:portletlink jspeid= '<%= id %>' />"> > > <INPUT type=hidden name='tm_event' value='otsearchOrders'> > > I use my own adapted implementation of JspPortlet which uses the value > (like 'otsearchOrders') to find out which JSP-File to call. > > 2. The called JSP-File reads the request data and does some processing > > Some portlets build that way work fine, others not. I get the message > "You do not habe access to this portlet" > > Further inspection shows: > The portlets with problems have a very long URL like > http://localhost:8080/jetspeed/portal/user/tg/page/default.psml > /js_peid/P-f54a4dba63-10002/media-type/html?tm_event=otsearch > &orderNr=&orderTypeId=-100&status=alle+Stati&startDate=01.01.01 > &stopDate=11.06............ > > When I manually delete enough characters in the browser I do not get > the message anymore (but of course my application needs the long URL). > > Using a debugger I found out that in > RegistryAccessController.java method checkPermission the value for > owner is null when a have a very long URL and a value of "tg" when > the URL is shorter. > I also tried to use POST instead of GET with the same result. > Something seems to go wrong when a very long url is parsed to get > the owner. > > Does anybody know how to avoid this? > > I am using 1.4b3 with mysql > > Thanks in advance > Thomas Grundey --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
