Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for login page when integration with Spring Security #19

Closed
balasubram opened this issue Jan 4, 2013 · 6 comments
Closed

Support for login page when integration with Spring Security #19

balasubram opened this issue Jan 4, 2013 · 6 comments
Assignees
@gillarramendi

Comments

@balasubram
Copy link

I have integrated spring-security into my application. HDIV integration is done on top of it.

When the session expires, if HDIV is not integrated, upon accessing any URL, the redirection happens to the login page. But when HDIV is integrated with the application , the redirection happens to the error page configured in hdiv-config.xml,

I thin the redirection to error page should be only when there URL is tampered, when the session expires it should be redirected to the login page.
@ghost ghost assigned gillarramendi Jan 7, 2013
@gillarramendi
Copy link
Member

Try to use the new 'loginPage' attribute on hdiv:config.

<hdiv:config errorPage="/error.jsp" loginPage="/login.html"

Regards

@balasubram
Copy link
Author

Hi Gillarramendi,

The login page works when the session expires automatically. It doesn't work in the following scenario.

  1. Logged into the Application.
  2. Opened a link in the second tab.
  3. Did a log out from the first tab.
  4. When trying to open a link in the second tab, the redirection is happening to the error page and not to the login page.

I set the log level to trace and following are the logs!

[DEBUG] http-bio-7780-exec-9 09:57:58 New ResponseWrapper instance.
[DEBUG] http-bio-7780-exec-9 09:57:58 New RequestWrapper instance.
[DEBUG] http-bio-7780-exec-9 09:57:58 Stripping jsessionid from url /sample/new/newfeature.htm
[DEBUG] http-bio-7780-exec-9 09:57:58 Getting page with id:11
[ERROR] http-bio-7780-exec-9 09:57:58 Page with id [11] not found in session.
[ERROR] http-bio-7780-exec-9 09:57:58 Page with id [11] not found in session.
[DEBUG] http-bio-7780-exec-9 09:57:58 error, page (11) not found in session
[DEBUG] http-bio-7780-exec-9 09:57:58 validation error: error, page (11) not found in session
[ INFO] http-bio-7780-exec-9 09:57:58 validation error: error, page (11) not found in session;sample/new/newfeature.htm;HDIV_STATE;11-3-5F6E37D94E0E5680E52AE4F091E42EB9;127.0.0.1;127.0.0.1;user
[DEBUG] http-bio-7780-exec-9 09:57:58 The page [19] has no states, is not stored in session
[DEBUG] http-bio-7780-exec-4 09:57:58 New ResponseWrapper instance.
[DEBUG] http-bio-7780-exec-4 09:57:58 New RequestWrapper instance.
[DEBUG] http-bio-7780-exec-4 09:57:58 Stripping jsessionid from url /sample/error.htm
[DEBUG] http-bio-7780-exec-4 09:57:58 New ResponseWrapper instance.
[DEBUG] http-bio-7780-exec-4 09:57:58 New RequestWrapper instance.
[DEBUG] http-bio-7780-exec-4 09:57:58 Stripping jsessionid from url /sample/error.htm
[DEBUG] http-bio-7780-exec-4 09:57:58 Requested /error.htm
[DEBUG] http-bio-7780-exec-4 09:57:58 The page [20] has no states, is not stored in session

@balasubram
Copy link
Author

Hi Gillarramendi,

I have fixed it. Can you do the review as I am not sure if this breaks any other functionality.

The changes are as follows:

ValidatorHelperRequest.java

127 +++ public boolean validate(HttpServletRequest request) throws HDIVException {

127 ----- public boolean validate(HttpServletRequest request) {

165 +++ IState state = null;
166 +++ try {
167 +++ state = this.restoreState(request, target);
168 +++ if (state == null) {
169 +++ return false;
170 +++ }
171 +++ } catch (HDIVException e) {
172 +++ throw new HDIVException(e.getMessage(), e);
173 +++ }

166 ----- IState state = this.restoreState(request, target);
167 ----- if (state == null) {
168 ----- return false;
169 ----- }

531 +++ private IState restoreState(HttpServletRequest request, String target) throws HDIVException {

526 ----- private IState restoreState(HttpServletRequest request, String target) throws HDIVException {

564 +++ if(e.getMessage().contains("not found in session")) {
565 +++ throw new HDIVException(e.getMessage(), e);
566 +++ }

ValidatorFilter.java

32 +++ import org.hdiv.exception.HDIVException;

120 +++ boolean sessionExpired = false;

144 +++ try {
145 +++ legal = this.validationHelper.validate(multipartProcessedRequest);
146 +++ } catch (HDIVException e) {
147 +++ sessionExpired = true;
148 +++ }

156 +++ if (sessionExpired || session == null || session.isNew()) {

156 ----- if (session == null || session.isNew()) {

@gillarramendi
Copy link
Member

Hi,
thank you for your work.

Currently, I am refactoring error handling code to get more flexible solution.

We want to differentiate logged and not logged users in 'session expired' error, to send ones to login page and the other to the home.

Regards

@balasubram
Copy link
Author

I haven't committed the change. I am using it locally!

@gillarramendi
Copy link
Member

There are two new attributes on configuration:

Example:
https://github.com/hdiv/hdiv-spring-mvc-showcase/blob/master/src/main/webapp/WEB-INF/hdiv-config.xml#L8

To define error pages showed on session expiration cases.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gillarramendi gillarramendi

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gillarramendi @balasubram