Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » scout » Browser bypasses authentication step(Browser bypasses authentication step at second attempt to reach http://localhost:8082/web)
Browser bypasses authentication step [message #1063619] Thu, 13 June 2013 14:14 Go to next message
Boy D'Poy is currently offline Boy D'PoyFriend
Messages: 56
Registered: October 2011
Member
Hi!

Lets suppose that I have a simple Scout/Rap application with the Basic authentication method activated.

At logging out, everything works fine (I'm correctly logged out to the given LogoutFilter#logoutLandingUrl, the session is cleared and freed ... I think ... this is what I realize at least at monitoring the application at : http://localhost:8080/test/process...).

But when I try to reopen http://localhost:8082/web, Im not asked to supply credentials, but directly logged on as the previous user.

What's wrong and what should I do to enforce the browser to authenticate the next user?

Thank you!


Once You Go Scout, You Never Come Out!
Re: Browser bypasses authentication step [message #1064181 is a reply to message #1063619] Tue, 18 June 2013 06:54 Go to previous messageGo to next message
Stephan Leicht Vogt is currently offline Stephan Leicht VogtFriend
Messages: 102
Registered: February 2010
Location: Baden Switzerland
Senior Member

Hi

I think you might have run into this bug: https://bugs.eclipse.org/bugs/show_bug.cgi?id=410330

The logout filter was removed in 3.9. So it has to be registered in the project. New Projects created with Scout SDK 3.9 will get it registered automatically by the SDK.

Please let me know if this is not your problem.

---
Thanks and greetings
Stephan
Re: Browser bypasses authentication step [message #1064326 is a reply to message #1064181] Tue, 18 June 2013 18:07 Go to previous messageGo to next message
Boy D'Poy is currently offline Boy D'PoyFriend
Messages: 56
Registered: October 2011
Member
Hi!

Thank you for the reply, but the LogoutFilter behaviour is not the problem.
The same problem occurs even in the previous version of Scout (3.8.x).

Steps to reproduce the bug:

1-With the SDK, create a well compiling and running project from scratch,
and implement:
--a/ the deconnection code
AbstractSession#stopSession()
.
--b/ the basic authentication mode using for example
BasicSecurityFilter
.

2-Try to connect to the application : at that point, the browser requires you to supply your credentials.

3-Choose for example allen/allen.

4-Disconnect from the implemented action : at that point allen's session is cleared, you can monitor it 2 minutes after at : http://localhost:8080/test/process .

5-DO NOT CLOSE YOUR BROWSER and try to connect again to : http://localhost:8082/web:
at that point occurs the ABNORMAL BEHAVIOUR (I THINK): NO PROMPT DIALOG is displayed and you are automatically logged in as allen ... each time you repeat these steps ... until you choose to close your browser. ;(

So how is it possible at step 5 to enforce the browser showing before continuing, the authentication dialog box?


Regards!


Once You Go Scout, You Never Come Out!

[Updated on: Tue, 18 June 2013 18:58]

Report message to a moderator

Re: Browser bypasses authentication step [message #1064933 is a reply to message #1064326] Fri, 21 June 2013 17:25 Go to previous message
Boy D'Poy is currently offline Boy D'PoyFriend
Messages: 56
Registered: October 2011
Member
as a non JEE developer I got to learn a lot before! ;(

http://stackoverflow.com/questions/2180206/how-to-force-jetty-to-ask-for-credentials-with-basic-authentication-after-invali


Once You Go Scout, You Never Come Out!

[Updated on: Fri, 21 June 2013 17:25]

Report message to a moderator

Previous Topic:target for kepler
Next Topic:Search form in second table page disappear
Goto Forum:
  


Current Time: Thu Nov 27 04:39:21 GMT 2014

Powered by FUDForum. Page generated in 0.02427 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software