2 Replies Latest reply on Sep 13, 2011 10:24 AM by alefeltes

    SafeActions.isActionSafe throws exception if used with redirect.captureCurrentView

    m0m0.gruber.chri.gmx.at




      Hi!


      In my components.xml I have



      <event type="org.jboss.seam.security.notLoggedIn">
        <action execute="#{redirect.captureCurrentView}" />
      </event>
      <event type="org.jboss.seam.security.loginSuccessful">
        <action execute="#{redirect.returnToCapturedView}" />
      </event>





      So if the user navigates to a page which requires a login, he is redirected to the login page, and after a successful login he is redirected back to the page he called before.


      In a test.xhtml I have the following:


      <s:link view="/bla.seam" id="xxx" action="#{myBean.doSomething('bla')}">





      Now for some reason, while the user is viewing this page, he gets logged out (in my case because I restart the server, but it could also happen because of a timeout or something like that).


      The user doesn't recognize that the server has been restarted (because the page doesn't change while the server restarts), so he clicks on the Seam link mentioned above.


      Because the page required a login, the notLoggedIn event is thrown and the redirect component captures the current view (redirect.captureCurrentView).
      It also captures the parameters (Line 115 in org.jboss.seam.faces.Redirect): The parameter is
      actionMethod=foo/bar/test.xhtml:myBean.doSomething('bla')


      Then the user is redirected to the login-view. After successfully logging in returnToCapturedView is called because of the loginSuccessful event.
      In this method the method execute() is called, and execute calls


      FacesManager.instance().redirect(viewId, parameters, conversationPropagationEnabled, true);




      In the redirect method, the parameter that captureCurrentView stored is encoded, so it now looks like


      /myProject/main.seam?actionMethod=foo%2Fbar%2Ftest.xhtml%3AmyBean.doSomething%28%27bla%27%29&cid=1




      Later on the method isActionSafe(String id) of org.jboss.seam.navigation.SafeActions is called.
      The id passed to the method is the encoded URL mentioned above.


      Now this method checks whether the character ':' is contained in the URL, but it doesn't find it because it is encoded, so the method throws an IllegalArgumentException("Invalid action method " + id);



      Can anybody tell me what I can do to avoid this, because it results in a Seam Debug page?



      If I click the Seam link without having restarted the server just before, everything works perfectly, because isActionSafe gets the unencoded URL, since no redirect method which encodes the URL is in between.



      Do I have to set any encoding parameters or something like this, or is this a Seam bug?




      I only found this thread:
      http://seamframework.org/Community/SafeActionsisActionSafeCausingIllegalArgumentExceptionUnderHttps
      But I don't use https-port or http-port in my pages.xml, so unfortunately this doesn't help me.


      Thanks,
      Christian
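
The mismatch described in the post above, as an added stand-alone Java example (not code from the post or from Seam): a check that looks for ':' fails on the percent-encoded parameter and passes once the value is decoded exactly once before validation. The class name, the `SAFE` allow-list and `isActionSafeDecoded` are hypothetical; only the ':' check, the exception message and the two parameter values are taken from the post.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Set;

// Added illustration: a simplified stand-in for the check, not the Seam source.
public class ActionIdCheckDemo {

    // Hypothetical allow-list of "viewId:expression" ids the application exposes.
    static final Set<String> SAFE =
            Set.of("foo/bar/test.xhtml:myBean.doSomething('bla')");

    // Behaviour as described in the post: an id without ':' is rejected with an exception.
    static boolean isActionSafe(String id) {
        if (id.indexOf(':') < 0) {
            throw new IllegalArgumentException("Invalid action method " + id);
        }
        return SAFE.contains(id);
    }

    // Canonicalize first (decode exactly once), then validate the decoded form.
    static boolean isActionSafeDecoded(String rawParam) {
        String id = URLDecoder.decode(rawParam, StandardCharsets.UTF_8);
        return isActionSafe(id);
    }

    public static void main(String[] args) {
        // Parameter values as quoted in the post: captured form and redirected form.
        String plain = "foo/bar/test.xhtml:myBean.doSomething('bla')";
        String encoded = "foo%2Fbar%2Ftest.xhtml%3AmyBean.doSomething%28%27bla%27%29";

        System.out.println("plain        -> " + isActionSafe(plain));
        try {
            isActionSafe(encoded); // ':' is hidden inside %3A, so the check throws
        } catch (IllegalArgumentException e) {
            System.out.println("encoded      -> " + e.getMessage());
        }
        System.out.println("decoded once -> " + isActionSafeDecoded(encoded));

        // Constructed value: an expression that is not on the allow-list
        // must stay rejected after decoding.
        String other = "foo%2Fbar%2Ftest.xhtml%3AmyBean.other%28%29";
        System.out.println("not listed   -> " + isActionSafeDecoded(other));
    }
}
```

Validating the decoded value rather than the wire form keeps the allow-list comparison on one canonical representation, so an encoded round trip through a redirect cannot change the outcome of the check.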