Hi,
I've got a struts based app using form based authentication (started out
as xpetstore).
I have a situation where if I'm on a web form protected by role based
security, and the session times out, and then I submit the form, I get
to the login page, login, but then the original form data is lost.
According to the log data, it's looking for an ActionForm of a different
name according to whether the session has timed out or not!!!
I thought this stuff was statically configured.
When there is no time out, the log looks like this:
2004-03-25 19:40:19,350 INFO [xpetstore.web.filter.SignOnFilter]
doFilter()
2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter]
user=bug1b
2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter]
isSignedIn=true
2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter]
uri=/MotoringMemorabilia/updateCustomer.jspa
2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter]
_login=/login.jspa
2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] Get
module name for path /updateCustomer.jspa
2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils]
Module name found: default
2004-03-25 19:40:19,350 DEBUG
[org.apache.struts.action.RequestProcessor] Processing a 'POST' for path
'/updateCustomer'
2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils]
Looking for ActionForm bean instance in scope 'request' under attribute
key 'existingCustomerForm'
2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils]
Creating new ActionForm instance of type
'xpetstore.web.struts.action.customer.ExistingCustomerForm'
2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] -->
[EMAIL PROTECTED]
2004-03-25 19:40:19,350 DEBUG
[org.apache.struts.action.RequestProcessor] Storing ActionForm bean
instance in scope 'request' under attribute key 'existingCustomerForm'
2004-03-25 19:40:19,350 DEBUG
[org.apache.struts.action.RequestProcessor] Populating bean properties
from this request
2004-03-25 19:40:19,360 DEBUG
[org.apache.struts.action.RequestProcessor] Validating input form
properties
2004-03-25 19:40:19,370 DEBUG
[org.apache.struts.action.RequestProcessor] No errors detected,
accepting input
2004-03-25 19:40:19,370 DEBUG
[org.apache.struts.action.RequestProcessor] Looking for Action instance
for class xpetstore.web.struts.action.customer.UpdateCustomerAction
2004-03-25 19:40:19,370 DEBUG
[org.apache.struts.action.RequestProcessor] Creating new Action
instance
2004-03-25 19:40:19,370 INFO
[xpetstore.web.struts.action.customer.UpdateCustomerAction] execute()
When there is a timeout the log goes like this:
2004-03-25 20:10:56,908 DEBUG [org.apache.struts.util.RequestUtils]
Looking for ActionForm bean instance in scope 'request' under attribute
key 'newCustomerForm'
2004-03-25 20:10:56,908 DEBUG [org.apache.struts.util.RequestUtils]
Creating new ActionForm instance of type
'xpetstore.web.struts.action.customer.NewCustomerForm'
2004-03-25 20:10:56,908 DEBUG [org.apache.struts.util.RequestUtils] -->
[EMAIL PROTECTED]
2004-03-25 20:10:56,918 DEBUG [org.apache.struts.util.RequestUtils] Get
module name for path /index.jsp
2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils]
Module name found: default
2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get
module name for path /cart.jspa
2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils]
Module name found: default
2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get
module name for path /signon.jspa
2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils]
Module name found: default
2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get
module name for path /search.jspa
2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils]
Module name found: default
2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils]
Looking for ActionForm bean instance in scope 'request' under attribute
key 'searchForm'
2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils]
Creating new ActionForm instance of type
'xpetstore.web.struts.action.product.SearchForm'
2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] -->
[EMAIL PROTECTED]
2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get
module name for path /index.jsp
2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils]
Module name found: default
2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get
module name for path /category.jspa?categoryId=SIGNS
The relevant action configuration looks like this:
<action
path="/updateCustomer"
type="xpetstore.web.struts.action.customer.UpdateCustomerAction"
name="existingCustomerForm"
scope="request"
input="/myaccount.jsp"
unknown="false"
validate="true"
>
<set-property
property="secure"
value="true"
/>
<forward
name="success"
path="/index.jsp"
redirect="false"
/>
<forward
name="error"
path="/myaccount.jsp"
redirect="false"
/>
The form that is posted is declared in html like this:
<form name="existingCustomerForm" method="post"
action="/MotoringMemorabilia/updateCustomer.jspa">
I need to understand the interplay between container (form) based
authentication, filters and struts actionservlet.
Can anyone shed some light?
Thanks
Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
