-
Notifications
You must be signed in to change notification settings - Fork 171
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LUI-170 - Not redirecting to requested page after redirected to login… #130
Conversation
… page This adds a new request filter that sets the redirect url on the session to the currently requested url if the user is not authenticated and it is not already set.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This mostly looks good to me and fixes some rather annoying behaviour.
if (log.isDebugEnabled()) { | ||
log.debug("Set " + OPENMRS_LOGIN_REDIRECT_HTTPSESSION_ATTR + " = " + redirectUrl); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if (log.isDebugEnabled()) { | |
log.debug("Set " + OPENMRS_LOGIN_REDIRECT_HTTPSESSION_ATTR + " = " + redirectUrl); | |
} | |
log.debug("Set {} = {}", OPENMRS_LOGIN_REDIRECT_HTTPSESSION_ATTR, redirectUrl); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense.
} | ||
} | ||
catch (Exception e) { | ||
// Ignore errors here to prevent any failures from disrupting service |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we maybe log exceptions, at least initially?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wouldn't hurt
String requestURI = httpReq.getRequestURI(); | ||
if (!Context.isAuthenticated()) { | ||
if ("GET".equalsIgnoreCase(httpReq.getMethod()) && !requestURI.contains("login.")) { | ||
if (req.getAttribute(OPENMRS_LOGIN_REDIRECT_HTTPSESSION_ATTR) == null) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this check actually work? I can see we use it elsewhere, but it seems like this should be something like:
req.getSession(false).getAttribute(OPENMRS_LOGIN_REDIRECT_HTTPSESSION_ATTR) == null
When I try naïvely to call:
req.getSession().setAttribute("MyAttribute", "SomeValue");
And then do:
req.getAttribute("MyAttribute")
The response is still null
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oops, sorry, yeah, good catch. I was initially setting a request attribute and then changed it when I recognized it was supposed to be a session attribute, but didn't change this.
… page Follow-up tweaks following code review.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @ibacher - great suggestions. Those are pushed above.
String requestURI = httpReq.getRequestURI(); | ||
if (!Context.isAuthenticated()) { | ||
if ("GET".equalsIgnoreCase(httpReq.getMethod()) && !requestURI.contains("login.")) { | ||
if (req.getAttribute(OPENMRS_LOGIN_REDIRECT_HTTPSESSION_ATTR) == null) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oops, sorry, yeah, good catch. I was initially setting a request attribute and then changed it when I recognized it was supposed to be a session attribute, but didn't change this.
if (log.isDebugEnabled()) { | ||
log.debug("Set " + OPENMRS_LOGIN_REDIRECT_HTTPSESSION_ATTR + " = " + redirectUrl); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense.
} | ||
} | ||
catch (Exception e) { | ||
// Ignore errors here to prevent any failures from disrupting service |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wouldn't hurt
… page
This adds a new request filter that sets the redirect url on the session to the currently requested url if the user is not authenticated and it is not already set.