CsrfFilter exception fix for archetype selection page

Evolveum · Jul 22, 2023 · 4a478fd · 4a478fd
1 parent db7d80f
commit 4a478fd
Show file tree

Hide file tree

Showing 5 changed files with 5 additions and 25 deletions.
diff --git a/...n-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/PageArchetypeSelection.html b/...n-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/PageArchetypeSelection.html
@@ -11,7 +11,7 @@
 <html xmlns:wicket="http://wicket.apache.org">
 <body>
 <wicket:extend>
-    <form wicket:id="mainForm" class="form-horizontal">
+    <form method="post"  wicket:id="mainForm" class="form-horizontal">
         <div wicket:id="csrfField"/>
         <input type="hidden" wicket:id="archetypeOid"/>
         <div wicket:id="archetypeSelectionPanel" class="row p-0 col-12">

diff --git a/...n-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/PageArchetypeSelection.java b/...n-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/PageArchetypeSelection.java
@@ -47,7 +47,7 @@
 
 @PageDescriptor(urls = {
         @Url(mountUrl = "/archetypeSelection", matchUrlForSecurity = "/archetypeSelection")
-}, permitAll = true, authModule = AuthenticationModuleNameConstants.ARCHETYPE_SELECTION)
+}, permitAll = true, loginPage = true, authModule = AuthenticationModuleNameConstants.ARCHETYPE_SELECTION)
 public class PageArchetypeSelection extends PageAuthenticationBase {
 
     private static final long serialVersionUID = 1L;
@@ -146,7 +146,6 @@ private ArchetypeSelectionModuleType loadArchetypeSelectionModule() {
     protected void initCustomLayout() {
         MidpointForm<?> form = new MidpointForm<>(ID_MAIN_FORM);
         form.add(AttributeModifier.replace("action", (IModel<String>) this::getUrlProcessingLogin));
-        form.setOutputMarkupId(true);
         add(form);
 
         WebMarkupContainer csrfField = SecurityUtils.createHiddenInputForCsrf(ID_CSRF_FIELD);

diff --git a/...evolveum/midpoint/authentication/impl/factory/module/ArchetypeSelectionModuleFactory.java b/...evolveum/midpoint/authentication/impl/factory/module/ArchetypeSelectionModuleFactory.java
@@ -41,7 +41,8 @@ protected ModuleAuthenticationImpl createEmptyModuleAuthentication(AbstractAuthe
     }
 
     @Override
-    protected LoginFormModuleWebSecurityConfiguration createConfiguration(AbstractAuthenticationModuleType moduleType, String prefixOfSequence, AuthenticationChannel authenticationChannel) {
+    protected LoginFormModuleWebSecurityConfiguration createConfiguration(AbstractAuthenticationModuleType moduleType,
+            String prefixOfSequence, AuthenticationChannel authenticationChannel) {
         LoginFormModuleWebSecurityConfiguration configuration = LoginFormModuleWebSecurityConfiguration.build(moduleType,prefixOfSequence);
         configuration.setSequenceSuffix(prefixOfSequence);
         return configuration;

diff --git a/...ntication/impl/module/configuration/ArchetypeSelectionModuleWebSecurityConfiguration.java b/...ntication/impl/module/configuration/ArchetypeSelectionModuleWebSecurityConfiguration.java
diff --git a/...lveum/midpoint/authentication/impl/provider/ArchetypeSelectionAuthenticationProvider.java b/...lveum/midpoint/authentication/impl/provider/ArchetypeSelectionAuthenticationProvider.java
@@ -63,6 +63,7 @@ protected Authentication internalAuthentication(Authentication authentication, L
 
         try {
             if (authentication instanceof ArchetypeSelectionAuthenticationToken) {
+                //todo process the case when no archetype oid is defined
                 String archetypeOid = (String) authentication.getDetails();
                 if (StringUtils.isEmpty(archetypeOid)) {
                     LOGGER.debug("No details provided: {}", authentication);