Uploaded image for project: 'Wicket'
  1. Wicket
  2. WICKET-4066

RestartResponseAtInterceptPageException.InterceptData is never cleared

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.5.0
    • Fix Version/s: 1.5.1
    • Component/s: wicket
    • Labels:
      None

      Description

      RestartResponseAtInterceptPageException.InterceptData is supposed to be cleared after continueToOriginalDestination() is called. This is accomplished via RestartResponseAtInterceptPageException.MAPPER, which is registered in the SystemMapper.

      However there seems to be a serious bug here. The MAPPER always returns a compatibilityScore of 0, and thus is never actually invoked. The InterceptData is thus never cleared. Furthermore, even if the MAPPER did return a Integer.MAX_VALUE score, it would still not be invoked in many scenarios, since other mappers in the SystemMapper are registered later and therefore have higher priority.

      In practice, this can lead to very odd login behavior in Wicket applications (which is where RestartResponseAtInterceptPageException is typically used). For example, if the user clicks a "login" link they may end up on a totally unexpected page, due to stale InterceptData that is hanging around in the session.

      I am attaching a quick start that demonstrates the problem, as well as a patch the fixes the compatibilityScore and moves the MAPPER to a higher priority in the SystemMapper.

        Attachments

        1. WICKET-4066-quickstart.tgz
          19 kB
          Matt Brictson
        2. WICKET-4066.patch.txt
          3 kB
          Matt Brictson

          Activity

            People

            • Assignee:
              mgrigorov Martin Grigorov
              Reporter:
              mbrictson Matt Brictson
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: