2 Replies Latest reply on Sep 13, 2011 10:24 AM by Ale Feltes Quenhan

    SafeActions.isActionSafe throws exception if used with redirect.captureCurrentView

    Christian Gruber Newbie

      SafeActions.isActionSafe throws exception if used with redirect.captureCurrentView



      Hi!


      In my compontents.xml I have



      <event type ="org.jboss.seam.security.notLoggedIn">
        <action execute="#{redirect.captureCurrentView}" />
      </event>
      <event type="org.jboss.seam.security.loginSuccessful">
        <action execute="#{redirect.returnToCapturedView}" />
      </event>





      So if the user navigates to a page which requires a login he is redirected to the login-page and after successful login he is redirected back to the page he called before.


      In a test.xhtml i have the following:


      <s:link view="/bla.seam" id="xxx" action="#{myBean.doSomething('bla')}">





      Now for some reason while the user is viewing this page he gets logged out (in my case because i restart the server, but it could also happen because of a timeout or something like that).


      The user doesn't recognize that the server has been restartet (because the page doesn't change while the server restarts) so he clicks on the Seam link mentioned above.


      Because the page required a login the notLoggedIn event is thrown und the redirect-components captures the current view (redirect.captureCurrentView).
      It also captures the parameters (Line 115 in org.jboss.seam.faces.Redirect): The parameter is
      actionMethod=foo/bar/test.xhtml:myBean.doSomething('bla')


      Then the user is redirected to the login-view. After successfully logging in returnToCapturedView is called because of the loginSuccessful event.
      In this method the method execute() is called, and execute calls


      FacesManager.instance().redirect(viewId, parameters, conversationPropagationEnabled, true);




      In the redirect method the parameter captureCurrentView stored is encoded, so it now looks like


      /myProject/main.seam?actionMethod=foo%2Fbar%2Ftest.xhtml%3AmyBean.doSomething%28%27bla%27%29&cid=1




      Later on the method isActionSafe(String id) of org.jboss.seam.navigation.SafeActions is called.
      The id passed to the method is the encoded URL mentioned above.


      Now this method looks if the character ':' is contained in the URL, but it doesn't find it because it is encoded, so the method throws an IllegalArgumentException(Invalid action method + id);



      Can anybody tell me what I can do to avoid this because it results in an Seam Debug page.



      If I click the Seam Link without having restarted the server just before everything works perfect because isSafeAction gets the unencoded URL because no dedirect-method which encodes the url is in between.



      Do I have to set any encoding parameters or something like this, or is this a seam bug?




      I only found this thread:
      http://seamframework.org/Community/SafeActionsisActionSafeCausingIllegalArgumentExceptionUnderHttps
      But I dont use https-port or http-port in my pages.xml so unfortunately this doesn't help me.


      Thanks,
      Christian