Fix for DS-959: XMLUI login failure when using Tomcat 7.0.16. This updates XMLUI's main DSpaceCocoonServletFilter & all AuthenticateAction classes so that users always visit the DSpace XMLUI homepage with a trailing slash (e.g. http://localhost:8080/xmlui/). If they ever access it without a trailing slash, they are auto-redirected. This fixes login issues with Tomcat 7, which generates Session Cookies with a trailing slash by default. This fix works for both Tomcat 6 & 7.
git-svn-id: http://scm.dspace.org/svn/repo/dspace/trunk@6763 9c30dcfa-912a-0410-8fc2-9e0234be79fd
@@ -91,9 +91,9 @@ public class AuthenticateAction extends AbstractAction
|
||||
}
|
||||
else
|
||||
{
|
||||
// Otherwise direct the user to the login page
|
||||
// Otherwise direct the user to the specified 'loginredirect' page (or homepage by default)
|
||||
String loginRedirect = ConfigurationManager.getProperty("xmlui.user.loginredirect");
|
||||
redirectURL += (loginRedirect != null) ? loginRedirect.trim() : "";
|
||||
redirectURL += (loginRedirect != null) ? loginRedirect.trim() : "/";
|
||||
}
|
||||
|
||||
// Authentication successfull send a redirect.
|
||||
|
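Review bot: The new ternary falls back to `/` only when `xmlui.user.loginredirect` is null, so if `getProperty` can return a present-but-blank value, `trim()` still yields an empty suffix and the redirect lands on a URL without the trailing slash this commit is meant to guarantee. Consider `redirectURL += (loginRedirect != null && loginRedirect.trim().length() > 0) ? loginRedirect.trim() : "/";`. The same line appears in the LDAPAuthenticateAction and ShibbolethAction sections below. A value configured without a leading `/` would also be appended directly to whatever `redirectURL` already holds (presumably the context path), so a comment stating that the property must be a webapp-relative path starting with `/` would help. The enclosing method starts and ends outside the hunk.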
@@ -22,6 +22,7 @@ import org.apache.cocoon.environment.SourceResolver;
|
||||
import org.apache.cocoon.environment.http.HttpEnvironment;
|
||||
import org.apache.cocoon.sitemap.PatternException;
|
||||
import org.dspace.app.xmlui.utils.AuthenticationUtil;
|
||||
import org.dspace.core.ConfigurationManager;
|
||||
import org.dspace.core.Context;
|
||||
import org.dspace.eperson.EPerson;
|
||||
|
||||
@@ -81,6 +82,12 @@ public class LDAPAuthenticateAction extends AbstractAction {
|
||||
redirectURL += AuthenticationUtil
|
||||
.resumeInterruptedRequest(objectModel);
|
||||
}
|
||||
else
|
||||
{
|
||||
// Otherwise direct the user to the specified 'loginredirect' page (or homepage by default)
|
||||
String loginRedirect = ConfigurationManager.getProperty("xmlui.user.loginredirect");
|
||||
redirectURL += (loginRedirect != null) ? loginRedirect.trim() : "/";
|
||||
}
|
||||
|
||||
// Authentication successfull send a redirect.
|
||||
final HttpServletResponse httpResponse = (HttpServletResponse) objectModel
|
||||
|
@@ -83,9 +83,9 @@ public class ShibbolethAction extends AbstractAction
|
||||
}
|
||||
else
|
||||
{
|
||||
// Otherwise direct the user to the login page
|
||||
// Otherwise direct the user to the specified 'loginredirect' page (or homepage by default)
|
||||
String loginRedirect = ConfigurationManager.getProperty("xmlui.user.loginredirect");
|
||||
redirectURL += (loginRedirect != null) ? loginRedirect.trim() : "";
|
||||
redirectURL += (loginRedirect != null) ? loginRedirect.trim() : "/";
|
||||
}
|
||||
|
||||
// Authentication successfull send a redirect.
|
||||
|
@@ -224,26 +224,50 @@ public class DSpaceCocoonServletFilter implements Filter
|
||||
public void doFilter(ServletRequest request, ServletResponse response,
|
||||
FilterChain arg2) throws IOException, ServletException {
|
||||
|
||||
HttpServletRequest realRequest = (HttpServletRequest)request;
|
||||
HttpServletResponse realResponse = (HttpServletResponse) response;
|
||||
HttpServletRequest realRequest = (HttpServletRequest)request;
|
||||
HttpServletResponse realResponse = (HttpServletResponse) response;
|
||||
|
||||
try {
|
||||
try {
|
||||
// Check if there is a request to be resumed.
|
||||
realRequest = AuthenticationUtil.resumeRequest(realRequest);
|
||||
|
||||
// Send the real request or the resumed request off to
|
||||
// cocoon....
|
||||
// cocoon....right after we check our URL...
|
||||
|
||||
//Get the Request URI, this will include the Context Path
|
||||
String requestUri = realRequest.getRequestURI();
|
||||
//Get the Context Path of the XMLUI web application
|
||||
String contextPath = realRequest.getContextPath();
|
||||
//Remove the Context Path from the Request URI -- this is the URI within our webapp
|
||||
String uri = requestUri.replace(contextPath, "");
|
||||
|
||||
//If the URI within XMLUI is an empty string, this means user
|
||||
//accessed XMLUI homepage *without* a trailing slash
|
||||
if(uri==null || uri.length()==0)
|
||||
{
|
||||
//Redirect the user to XMLUI homepage with a trailing slash
|
||||
//(This is necessary to ensure our Session Cookie, which ends
|
||||
// in a trailing slash, isn't lost by some browsers, e.g. IE)
|
||||
String locationWithTrailingSlash = realRequest.getRequestURI() + "/";
|
||||
|
||||
//Reset any existing response headers -- instead we are going to redirect user to correct path
|
||||
realResponse.reset();
|
||||
|
||||
//Redirect user to homepage with trailing slash
|
||||
realResponse.sendRedirect(locationWithTrailingSlash);
|
||||
}
|
||||
// if force ssl is on and the user has authenticated and the request is not secure redirect to https
|
||||
if ((ConfigurationManager.getBooleanProperty("xmlui.force.ssl")) && (realRequest.getSession().getAttribute("dspace.current.user.id")!=null) && (!realRequest.isSecure())) {
|
||||
else if ((ConfigurationManager.getBooleanProperty("xmlui.force.ssl")) && (realRequest.getSession().getAttribute("dspace.current.user.id")!=null) && (!realRequest.isSecure())) {
|
||||
StringBuffer location = new StringBuffer("https://");
|
||||
location.append(ConfigurationManager.getProperty("dspace.hostname")).append(realRequest.getContextPath()).append(realRequest.getServletPath()).append(
|
||||
realRequest.getQueryString() == null ? ""
|
||||
: ("?" + realRequest.getQueryString()));
|
||||
realResponse.sendRedirect(location.toString());
|
||||
}
|
||||
|
||||
arg2.doFilter(realRequest, realResponse);
|
||||
else
|
||||
{ // invoke the next filter
|
||||
arg2.doFilter(realRequest, realResponse);
|
||||
}
|
||||
|
||||
} catch (RuntimeException e) {
|
||||
ContextUtil.abortContext(realRequest);
|
||||
|
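Review bot: `requestUri.replace(contextPath, "")` removes every occurrence of the context path, not only the leading one, so a URI such as `/xmlui/xmlui` (constructed example, context path `/xmlui`) collapses to an empty string and is wrongly treated as the homepage without a trailing slash. Strip only the prefix instead, `String uri = requestUri.startsWith(contextPath) ? requestUri.substring(contextPath.length()) : requestUri;`, after which the `uri==null` test can be dropped because neither form returns null. The redirect target is built from `getRequestURI()` alone, so any query string on the original request is lost; append `getQueryString()` the way the force-ssl branch does if that should be preserved. doFilter's body continues past the end of the hunk.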