Jboss (tomcat) doesn't restore SavedRequest after login
arachelva Nov 14, 2014 4:02 AMi'm porting my application from tomcat to jboss as 7.1.1 final. it include smartgwt, spring.
i use jaas login:
<form method="POST" action="j_security_check">tion="j_security_check">
to my custom login class which implements javax.security.auth.spi.LoginModule
after login goes well, the execution flow goes to my spring controller:
@RequestMapping(value="/all", method=RequestMethod.POST) @ResponseBody public String all(@RequestBody String json,HttpSession session, HttpServletRequest servletrequest) throws Exception {
but the "json" parameter is null.
The cause seems to be in this method
public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config)
in org.apache.catalina.authenticator.FormAuthenticator class, in the last part, after the .authenticate:
principal = realm.authenticate(username, password); if (principal == null) { forwardToErrorPage(request, response, config); return (false); } if (log.isDebugEnabled()) log.debug("Authentication of '" + username + "' was successful"); if (session == null) session = request.getSessionInternal(false); if (session == null) { if (containerLog.isDebugEnabled()) containerLog.debug ("User took so long to log on the session expired"); response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT, sm.getString("authenticator.sessionExpired")); return (false); } // Save the authenticated Principal in our session session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal); // Save the username and password as well session.setNote(Constants.SESS_USERNAME_NOTE, username); session.setNote(Constants.SESS_PASSWORD_NOTE, password); // Redirect the user to the original request URI (which will cause // the original request to be restored) requestURI = savedRequestURL(session); if (log.isDebugEnabled()) log.debug("Redirecting to original '" + requestURI + "'"); if (requestURI == null) response.sendError(HttpServletResponse.SC_BAD_REQUEST, sm.getString("authenticator.formlogin")); else response.sendRedirect(response.encodeRedirectURL(requestURI)); return (false);
in debug i've found my json: in session there is a "note" field which contains a SavedRequest object:
https://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/catalina/authenticator/SavedRequest.html
it is a container of the request before login, and it has my json in his body field. its uri is restored (line #32) not the entire request. i suppose it should make a call of restoreRequest(request, session).
how can i fix it? thanks in advance.