double login sometimes

Vlad_STAN · March 2, 2011, 6:48pm

Hi,

If the user clicks the Logout link after his session has expired he is redirected to the login page, but the URL is of the form:

[b]http://myServer:8585/?method=logout&returnUrl=/[/b]

instead of:
[b]http://myServer:8585/[/b]

The user enters his credentials, and after clicking the Login button, he is redirected do the login page (as expected, because of the URL).

Do you know I could force MWS to have the URL http://myServer:8585 even if Logout is executed when the session is expired?

One way I think is to force a redirect when ?method=logout&returnUrl=/ is present.

br,
Vlad

system · March 3, 2011, 6:46am

You’ll want to create a Servlet Filter and test for the conditions of: 1) Invalid User and 2) those request params. You’ll need to manually create your own Filter as well as deploy it to the class path and update the main web.xml inside of the deploy/portal.war/WEB-INF directory.

Regards,
–mark


package com.softwareag.mws.servlet;

import java.io.IOException;


import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.webmethods.portal.framework.auth.AuthInfo;

/**
 * Servlet that redirects requests at "/?method=logout&returnUrl=/" to "/"
 */
public class LogoutHomeFilter implements Filter {
	private static final long serialVersionUID = 1L;

	/* (non-Javadoc)
	 * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
	 */
	public void init(FilterConfig arg0) throws ServletException {
	}
	
	/* (non-Javadoc)
	 * @see javax.servlet.Filter#destroy()
	 */
	public void destroy() {
	}

	/* (non-Javadoc)
	 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
	 */
	public void doFilter(ServletRequest req, ServletResponse resp,
			FilterChain chain) throws IOException, ServletException {

		HttpServletRequest httpReq = (HttpServletRequest)req;
		HttpServletResponse httpResp = (HttpServletResponse)resp;
		
		try {
			AuthInfo authInfo = AuthInfo.getAuthInfo(httpReq.getSession());
			if (authInfo != null && authInfo.isAuthenticated() && 
				httpReq.getParameter("method").equals("logout")) {
				
				// send 303 instead of 302
				httpResp.setStatus(HttpServletResponse.SC_SEE_OTHER);
				httpResp.addHeader("Location", httpReq.getContextPath());
				httpResp.flushBuffer();
			} else {
				chain.doFilter(req, resp);
			}
		} catch (Exception e) {
			//debug as interested
			chain.doFilter(req, resp);
		}
	}
}