Details
-
Bug
-
Resolution: Fixed
-
Major
-
None
-
2.1 Final
-
None
Description
I have wrapped Magnolia in Spring WebMVC ServletWrappingControllers. But the problem is possible in other "pure web.xml" situations, too. In order to extend a Magnolia based Website with some business logic for a custom search form I intercept a special URL /searchForm, then forward using the RequestDispatcher to a Magnolia handled /searchFormResult.html page. The assigned template displays the search results it gets from a request attribute.
This worked perfectly well in the authoring environment but stopped working in a public instance (as long as one didn't log in to the public's adminCentral to be precise). The reason being SecurityFilter's isAllowed method. If a session is authorized the method call returns before calling SecureURI.isProtected(Path.getURI(req)) which caches the decoded URI in a request attribute. Problem is: this results in caching "/searchForm" and not "/searchFormResult.html", as the filter runs before the business logic servlet and its call to the RequestDispatcher's forward() method.
As the caching doesn't even result in a measurable performance improvement (System.currentTimeInMillis() results in the same value before and after the call to getDecodedURI()...) I suggest to always return getDecodedURI(req) and drop the cache.
Checklists
Attachments
Issue Links
- is related to
-
MAGNOLIA-1698 Review usage of originalURI/currentURI, forward/include, virtualUriFilter
-
- Closed
-