Closed GoogleCodeExporter closed 9 years ago
Could you post a runnable example that reproduces this issue?
Original comment by ashish.dasnurkar
on 1 Mar 2011 at 3:00
Hi Ashish,
Here is the demo to reproduce the bug
I attached a rar (in 4 parts) file including 2 war files:
cas.war : jasig cas server (http://www.jasig.org/cas/)
hellozk.war : ZK + ZKSpring + Spring security + CAS client example:
Steps to reproduce the bug:
start the wars in a tomcat on port 8080 (the port is important beacuse its used in cas service params)
1) open: http://localhost:8080/hellozk/
2) You will be forwarded to cas (http://cas-server:8080/cas/login...)
3) login cas server using usr/passwd: admin/admin
4) You will be forwarded to hellozk: You'll see the "Secure Page Hello World"
5) press "logout" link
6) same as step 2
7) same as step 3
8) You'll see: {"rs":[]}
Please let me know if you need some help running this.
Thanks in advance,
Fernando
Original comment by fernando...@gmail.com
on 4 Mar 2011 at 2:49
Attachments:
attachement part 2 of 4
Original comment by fernando...@gmail.com
on 4 Mar 2011 at 2:55
Attachments:
attachment part 3 of 4
Original comment by fernando...@gmail.com
on 4 Mar 2011 at 2:58
Attachments:
attachment last part
Original comment by fernando...@gmail.com
on 4 Mar 2011 at 3:00
Attachments:
Hi!
I've encountered the same problem. I think the problem is zk - immediately
after session has become invalid - makes a call to some internal servlet, and
Spring Security, after user login, tries to make the same call again.
I partially solved this issue using a link to a jsp page when user clicks the
logout button, and this jsp page forwards to /j_spring_security_logout using an
html meta. (this works for logout done by users, but not for session timeout)
The only thing that solved this issue was granting anonimous access to /zkau/**
in spring security configuration.
I don't know if it's a bad idea or not, in my case I don't need to care much
about, but I think in many situations this is not a valid solution!
Original comment by marco.gu...@gmail.com
on 7 Mar 2011 at 9:12
Hi !
I am stuck ! How can I get rid of this problem ? (the {"rs":[]} showing up in
my browser)
Thanks in advance for your help.
Mawane.
Original comment by marwane....@gmail.com
on 18 Jul 2011 at 12:53
Hi marwane:
I had to apply marco.gu's workaround (comment 6), because we haven't got any response for this issue.
I´ve configured spring security filters this way:
<security:http entry-point-ref="casAuthenticationEntryPoint"
access-decision-manager-ref="accessDecisionManager"
auto-config="true">
<security:intercept-url pattern="/zkau/**" filters="none" />
...
</security:http>
place /zkau/**" as first filter in the list
Original comment by fernando...@gmail.com
on 28 Jul 2011 at 1:57
Hi! After further investigation, I think this is not at issue at all, at least
not strictly speaking.
A possible solution, more elegant than the above posted work-around, could be:
<s:form-login login-page="/login.jsp" always-use-default-target="true" authentication-failure-url="/login_fail.jsp" />
setting always-use-default-target to true.
This is certainly a clearer way than the previous, I hope it can help!
Original comment by marco.gu...@gmail.com
on 1 Aug 2011 at 7:35
Original comment by hawkc...@potix.com
on 5 Sep 2011 at 6:41
I have confirmed with Ashish that this is a configuration issue.
Original comment by hawkc...@potix.com
on 5 Sep 2011 at 6:43
hello every one can anyone explain exactily for me how to make the true
configration between spring security and zk framwork coz i have the same issue
here .
my app zk java code from scratch so i logout and lofgin using java code no tags zk in my web appliction . so from java how to kill spring sesion ans zk session ant same time
plus of that how to solve rs[]{} error !!!!!!!!
Original comment by progbish...@gmail.com
on 14 Mar 2013 at 1:03
Any new about this issue?
Original comment by eddu.mel...@gmail.com
on 19 Jul 2013 at 7:34
Original issue reported on code.google.com by
fernando...@gmail.com
on 2 Sep 2010 at 5:19Attachments: