Orbeon Forms community mailing list - Re: j_security_check authentication issues in version 3.8.0

Re: j_security_check authentication issues in version 3.8.0

Posted by Alessandro Vernet on Jun 11, 2010; 5:32pm
URL: https://discuss.orbeon.com/j-security-check-authentication-issues-in-version-3-8-0-tp2243172p2252089.html

Hi Alan,

I have been able to reproduce this; thank you for the test case. I
added a bug with some more information about what is happening, and we
will be investigating this and will keep you updated.

http://forge.ow2.org/tracker/index.php?func=detail&aid=315104&group_id=168&atid=350207

Alex

On Fri, Jun 4, 2010 at 5:40 AM, Leavy, Alan <[hidden email]> wrote:

> Reposting as this somehow ended up on the wrong thread first time:
>
>
>
>
>
> Hi,
>
>
>
> I’ve just migrated from Orbeon Forms 3.7beta to 3.8.0.201005141856 and I’ve
> been having problems with the authentication for my migrated apps.
>
>
>
> I’ve reproduced the problem by making modifications to the sample
> ”java-authentication” example [modified version attached]
>
> Basically, I’ve added a submission / pipeline which is triggered by
> xforms-ready. It just puts some data into a new instance in the model
> (addresses-instance).
>
> I also changed the security-constraint in web.xml, adding a wildcard to the
> url-pattern:
>
>     <security-constraint>
>
>         <web-resource-collection>
>
>             <web-resource-name>Authentication example</web-resource-name>
>
>             <url-pattern>/java-authentication/*</url-pattern>
>
>         </web-resource-collection>
>
>         <auth-constraint>
>
>             <role-name>orbeon-admin</role-name>
>
>         </auth-constraint>
>
>     </security-constraint>
>
>
>
> The issue is that, when my security constraint in the web.xml file covers
> both the web form and the XPL service, the login screen seems to be
> triggered for both in succession: First for the form when I attempt to load
> it (no problem) but also again for the XPL service when it is triggered by
> the xforms-ready event. This makes the submission fail because the system
> tries to replace my addresses-instance with the login form (“Body received
> with non-XML media type for replace="instance": text/html”). The pipeline
> itself never runs. It’s as if the initial authentication, triggered by
> initially loading the form, was not complete before the xforms-ready event
> fired.
>
>
>
> If I reload the form, it works fine, as I’m already authenticated
>
> This issue didn’t occur in version 3.7beta.
>
>
>
> I’m running on apache tomcat version 5.5.26, JVM version 1.5.0_12-b04.
>
> The problem, as demonstrated in the attached app, does not always occur the
> first time you run it after a tomcat restart. If you log out you then see
> the problem every subsequent time you first access the application after a
> logout. [http://localhost:8080/orbeon/java-authentication/]
>
>
>
> Has anyone else seen such authentication issues in version 3.8.0?
>
>
>
> Regards,
>
>     Alan.
>
> --
> You receive this message as a subscriber of the [hidden email] mailing
> list.
> To unsubscribe: mailto:[hidden email]
> For general help: mailto:[hidden email]?subject=help
> OW2 mailing lists service home page: http://www.ow2.org/wws
>
>

--
Orbeon Forms - Web forms, open-source, for the Enterprise -
http://www.orbeon.com/
My Twitter: http://twitter.com/avernet

--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
OW2 mailing lists service home page: http://www.ow2.org/wws

--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet