0 Replies Latest reply on Nov 14, 2014 4:02 AM by arachelva

    Jboss (tomcat) doesn't restore SavedRequest after login

    arachelva
    arachelva Nov 14, 2014 4:02 AM

      i'm porting my application from tomcat to jboss as 7.1.1 final. it include smartgwt, spring.

      i use jaas login:

       

      <form method="POST" action="j_security_check">tion="j_security_check">

       

      to my custom login class which implements javax.security.auth.spi.LoginModule

      after login goes well, the execution flow goes to my spring controller:

       

       

      @RequestMapping(value="/all", method=RequestMethod.POST)
    @ResponseBody   
    public String all(@RequestBody String json,HttpSession session, HttpServletRequest servletrequest) throws Exception {

       

      but the "json" parameter is null.

      The cause seems to be in this method

       

      public boolean authenticate(Request request,
  HttpServletResponse response,
  LoginConfig config)

       

      in org.apache.catalina.authenticator.FormAuthenticator class, in the last part, after the .authenticate:

       

      principal = realm.authenticate(username, password);
  if (principal == null) {
  forwardToErrorPage(request, response, config);
  return (false);
  }

  if (log.isDebugEnabled())
  log.debug("Authentication of '" + username + "' was successful");

  if (session == null)
  session = request.getSessionInternal(false);
  if (session == null) {
  if (containerLog.isDebugEnabled())
  containerLog.debug
  ("User took so long to log on the session expired");
  response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT,
  sm.getString("authenticator.sessionExpired"));
  return (false);
  }

  // Save the authenticated Principal in our session
  session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);

  // Save the username and password as well
  session.setNote(Constants.SESS_USERNAME_NOTE, username);
  session.setNote(Constants.SESS_PASSWORD_NOTE, password);

  // Redirect the user to the original request URI (which will cause
  // the original request to be restored)
  requestURI = savedRequestURL(session);
  if (log.isDebugEnabled())
  log.debug("Redirecting to original '" + requestURI + "'");
  if (requestURI == null)
  response.sendError(HttpServletResponse.SC_BAD_REQUEST,
  sm.getString("authenticator.formlogin"));
  else
  response.sendRedirect(response.encodeRedirectURL(requestURI));
  return (false);

       

      in debug i've found my json: in session there is a "note" field which contains a SavedRequest object:

      https://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/catalina/authenticator/SavedRequest.html

      it is a container of the request before login, and it has my json in his body field. its uri is restored (line #32) not the entire request. i suppose it should make a call of restoreRequest(request, session).

      how can i fix it? thanks in advance.