Acegi Security - fails to process login with a landing page having dynamic jsp:include

I spent 10 mins in vain trying to aptly title this post, but I still don't think I did it justice.

While working with Acegi, I discovered a problem in a strange use case.

This post assumes intermediate-to-advanced knowledge of Acegi.

Acegi has a SecurityContextHolderAwareRequestFilter that filters requests accessing secure pages when SecurityContextHolder does not have a securityToken yet. So if a user accesses /root/secure/resource and is not yet logged in, the request is redirected to /login (defined in AuthenticationProcessingFilterEntryPoint).

Now, the request URI, along with any params, is wrapped into SavedRequestWrapper so that it can be redirected to once the login is successful.

The SavedRequestWrapper implements HttpServletRequest, so a getParam on it will return the params from the /login request first and then those from /root/secure/resource after the redirect.

This is simple so far. But when /root/secure/resource has a jsp:include page="/root/secure/resource2", things get complicated if both resources have some param keys. Say:

/root/secure/resource?action1=method1 and the included JSP is /root/secure/resource2?action2=method2,
and /root/secure/resource?action=method1 is accessed without logging in.

So the filter saves this request and redirects it to /login. Once you log in, the jsp:include kicks in and adds method2 to the action param, so the request will now have action2=method2&action1=method1. However, the saved request is trying to redirect all successfully logged-in requests with a param map of action=method1, so we lose method2 and have a null value for action2.

I raised a bug (and someone already fixed it) in Spring JIRA. How?

By always letting the new request supersede the old one.
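
To make the difference concrete, here is a small stand-alone model of the two lookup policies. It is an added example, not Acegi's code or the actual patch: plain maps stand in for the saved request and for the live request, and the class, enum and method names are hypothetical. Besides the action1/action2 case from above, it also covers the case where both requests use the same key, which goes slightly beyond what this post walks through.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model (assumption): plain maps replace the servlet request and
// the request that was saved before the redirect to /login.
public class SavedRequestParamDemo {

    enum Policy { SAVED_ONLY, CURRENT_SUPERSEDES }

    // Parameter lookup as a request wrapper would perform it under each policy.
    static String getParameter(Policy policy, Map<String, String> saved,
                               Map<String, String> current, String name) {
        if (policy == Policy.SAVED_ONLY) {
            // Problem case: only the saved map is consulted, so anything the
            // jsp:include added to the live request is invisible.
            return saved.get(name);
        }
        // Fix: the new request supersedes the old one; saved is a fallback.
        return current.containsKey(name) ? current.get(name) : saved.get(name);
    }

    // Builds a map from alternating key/value arguments.
    static Map<String, String> params(String... kv) {
        Map<String, String> m = new HashMap<>();
        for (int i = 0; i + 1 < kv.length; i += 2) {
            m.put(kv[i], kv[i + 1]);
        }
        return m;
    }

    public static void main(String[] args) {
        // Constructed sample data: the parameters used in the post.
        Map<String, String> saved = params("action1", "method1");
        Map<String, String> inInclude = params("action1", "method1",
                                               "action2", "method2");
        // Constructed sample data: same key in the outer and included resource.
        Map<String, String> savedSameKey = params("action", "method1");
        Map<String, String> includeSameKey = params("action", "method2");

        for (Policy p : Policy.values()) {
            System.out.println(p + ": action2=" + getParameter(p, saved, inInclude, "action2")
                + ", action=" + getParameter(p, savedSameKey, includeSameKey, "action"));
        }
    }
}
```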
