Uploaded image for project: 'Central Authentication Service'
  1. Central Authentication Service
  2. MGNLCAS-20

Do not invalidate session if user visiting unauthorized URL

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 1.3.2
    • 1.3, 1.3.1
    • None
    • Kromeriz 70
    • 2

    Description

      nwing:

      I've just reviewed all these changes, and they look good, except that the issue resolved by my second patch file is still an issue in your version.
      To fix it, remove the session invalidation in CASClientCallback.handleUnauthorizedUser(). If we invalidate the session at that point, and the unauthorized URL is an element on the page, like an image, it will disrupt our Vaadin communications and they get the dreaded "Communication Error".

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                mdivilek Milan Divilek
                rkovarik Roman Kovařík
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Checklists

                    Bug DoR
                    Task DoD