0 Replies Latest reply on Nov 14, 2014 4:02 AM by arachelva

    Jboss (tomcat) doesn't restore SavedRequest after login

    arachelva Newbie

      i'm porting my application from tomcat to jboss as 7.1.1 final. it include smartgwt, spring.

      i use jaas login:

       

      <form method="POST" action="j_security_check">tion="j_security_check">
      

       

      to my custom login class which implements javax.security.auth.spi.LoginModule

      after login goes well, the execution flow goes to my spring controller:

       

       

      @RequestMapping(value="/all", method=RequestMethod.POST)
          @ResponseBody   
          public String all(@RequestBody String json,HttpSession session, HttpServletRequest servletrequest) throws Exception {
      

       

      but the "json" parameter is null.

      The cause seems to be in this method

       

      public boolean authenticate(Request request,
        HttpServletResponse response,
        LoginConfig config)
      

       

      in org.apache.catalina.authenticator.FormAuthenticator class, in the last part, after the .authenticate:

       

      principal = realm.authenticate(username, password);
        if (principal == null) {
        forwardToErrorPage(request, response, config);
        return (false);
        }
      
        if (log.isDebugEnabled())
        log.debug("Authentication of '" + username + "' was successful");
      
        if (session == null)
        session = request.getSessionInternal(false);
        if (session == null) {
        if (containerLog.isDebugEnabled())
        containerLog.debug
        ("User took so long to log on the session expired");
        response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT,
        sm.getString("authenticator.sessionExpired"));
        return (false);
        }
      
        // Save the authenticated Principal in our session
        session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal);
      
        // Save the username and password as well
        session.setNote(Constants.SESS_USERNAME_NOTE, username);
        session.setNote(Constants.SESS_PASSWORD_NOTE, password);
      
        // Redirect the user to the original request URI (which will cause
        // the original request to be restored)
        requestURI = savedRequestURL(session);
        if (log.isDebugEnabled())
        log.debug("Redirecting to original '" + requestURI + "'");
        if (requestURI == null)
        response.sendError(HttpServletResponse.SC_BAD_REQUEST,
        sm.getString("authenticator.formlogin"));
        else
        response.sendRedirect(response.encodeRedirectURL(requestURI));
        return (false);
      

       

      in debug i've found my json: in session there is a "note" field which contains a SavedRequest object:

      https://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/catalina/authenticator/SavedRequest.html

      it is a container of the request before login, and it has my json in his body field. its uri is restored (line #32) not the entire request. i suppose it should make a call of restoreRequest(request, session).

      how can i fix it? thanks in advance.