Eclipse Community Forums: Eclipse Scout » Browser bypasses authentication step

Home » Eclipse Projects » Eclipse Scout » Browser bypasses authentication step(Browser bypasses authentication step at second attempt to reach http://localhost:8082/web)

Show: Today's Messages :: Show Polls :: Message Navigator

Browser bypasses authentication step [message #1063619]

Thu, 13 June 2013 14:14

Boy D'Poy

Messages: 67
Registered: October 2011

Member

Hi!

Lets suppose that I have a simple Scout/Rap application with the Basic authentication method activated.

At logging out, everything works fine (I'm correctly logged out to the given LogoutFilter#logoutLandingUrl, the session is cleared and freed ... I think ... this is what I realize at least at monitoring the application at : http://localhost:8080/test/process...).

But when I try to reopen http://localhost:8082/web, Im not asked to supply credentials, but directly logged on as the previous user.

What's wrong and what should I do to enforce the browser to authenticate the next user?

Thank you!

Once You Go Scout, You Never Come Out!

Report message to a moderator

Re: Browser bypasses authentication step [message #1064181 is a reply to message #1063619]

Tue, 18 June 2013 06:54

Stephan Leicht Vogt

Messages: 104
Registered: July 2015

Senior Member

Hi

I think you might have run into this bug: https://bugs.eclipse.org/bugs/show_bug.cgi?id=410330

The logout filter was removed in 3.9. So it has to be registered in the project. New Projects created with Scout SDK 3.9 will get it registered automatically by the SDK.

Please let me know if this is not your problem.

---
Thanks and greetings
Stephan

Report message to a moderator

Re: Browser bypasses authentication step [message #1064326 is a reply to message #1064181]

Tue, 18 June 2013 18:07

Boy D'Poy

Messages: 67
Registered: October 2011

Member

Hi!

Thank you for the reply, but the LogoutFilter behaviour is not the problem.
The same problem occurs even in the previous version of Scout (3.8.x).

Steps to reproduce the bug:

1-With the SDK, create a well compiling and running project from scratch,
and implement:
--a/ the deconnection code

AbstractSession#stopSession()

.
--b/ the basic authentication mode using for example

BasicSecurityFilter

.

2-Try to connect to the application : at that point, the browser requires you to supply your credentials.

3-Choose for example allen/allen.

4-Disconnect from the implemented action : at that point allen's session is cleared, you can monitor it 2 minutes after at : http://localhost:8080/test/process .

5-DO NOT CLOSE YOUR BROWSER and try to connect again to : http://localhost:8082/web:
at that point occurs the ABNORMAL BEHAVIOUR (I THINK): NO PROMPT DIALOG is displayed and you are automatically logged in as allen ... each time you repeat these steps ... until you choose to close your browser. ;(

So how is it possible at step 5 to enforce the browser showing before continuing, the authentication dialog box?

Regards!

Once You Go Scout, You Never Come Out!

[Updated on: Tue, 18 June 2013 18:58]

Report message to a moderator