Hi Jennifer,
The "redirect" to the change password portlet is not a "real" browser
redirect, that's why the encoded action URL contains your original url.
It works differently. The moment Jetspeed detects that a password should
be updated (see PassWordCredentialValveImpl), it overrides the default
profiling rules for the original url with the "security" rule, which
points to /my-account.psml by default (might be different in your case).
So no matter where you navigate to, this psml will always be selected
when your password needs to be updated. The action url which is created
for the changed password portlet thus contains your original url, but
that's no problem AFAICS, because the doAction() of the ChangePassword
portlet will be called. Could it be that you have extended the default
ChangePasswordPortlet, but forgot to call super.doAction() or so? What
happens if you use the original ChangePasswordPortlet instead of your
custom one? What version of Jetspeed are you using by the way ?
regards,
Dennis
Ford, Jennifer M. wrote:
I just uncovered a problem with one of our custom portlets, and I was
wondering if anyone could tell me if this is the intended behavior or if
it is a bug.
When the user's password expires, they are thrown to the Change Password
Portlet, which we rewrote to add some additional functionality. The
actionURL provided by the response object at that point is the actionURL
for the original page, and not the my-account page that the user is
currently on. The result of this is that when they press the submit
button, they're not actually taken to the processAction method, so they
can't change their password.
Of course, if the user manually goes to the ChangePassword portlet by
clicking the 'Change Password' link in the login portlet, the actionURL
is correct.
Is this something to be expected, that if a redirect happens that the
actionURL given is not for the currently displayed page?
Thanks,
Jennifer
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
