Uploaded image for project: 'Central Authentication Service'
  1. Central Authentication Service
  2. MGNLCAS-20

Do not invalidate session if user visiting unauthorized URL

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • 1.3.2
    • 1.3, 1.3.1
    • None
    • Kromeriz 70
    • 2

      nwing:

      I've just reviewed all these changes, and they look good, except that the issue resolved by my second patch file is still an issue in your version.
      To fix it, remove the session invalidation in CASClientCallback.handleUnauthorizedUser(). If we invalidate the session at that point, and the unauthorized URL is an element on the page, like an image, it will disrupt our Vaadin communications and they get the dreaded "Communication Error".

        Acceptance criteria

          1. magnolia-module-cas-second.patch
            1 kB

              mdivilek Milan Divilek
              rkovarik Roman Kovařík
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: