Uploaded image for project: 'Wicket'
  1. Wicket
  2. WICKET-4066

RestartResponseAtInterceptPageException.InterceptData is never cleared


    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.5.0
    • Fix Version/s: 1.5.1
    • Component/s: wicket
    • Labels:


      RestartResponseAtInterceptPageException.InterceptData is supposed to be cleared after continueToOriginalDestination() is called. This is accomplished via RestartResponseAtInterceptPageException.MAPPER, which is registered in the SystemMapper.

      However there seems to be a serious bug here. The MAPPER always returns a compatibilityScore of 0, and thus is never actually invoked. The InterceptData is thus never cleared. Furthermore, even if the MAPPER did return a Integer.MAX_VALUE score, it would still not be invoked in many scenarios, since other mappers in the SystemMapper are registered later and therefore have higher priority.

      In practice, this can lead to very odd login behavior in Wicket applications (which is where RestartResponseAtInterceptPageException is typically used). For example, if the user clicks a "login" link they may end up on a totally unexpected page, due to stale InterceptData that is hanging around in the session.

      I am attaching a quick start that demonstrates the problem, as well as a patch the fixes the compatibilityScore and moves the MAPPER to a higher priority in the SystemMapper.


        1. WICKET-4066.patch.txt
          3 kB
          Matt Brictson
        2. WICKET-4066-quickstart.tgz
          19 kB
          Matt Brictson



            • Assignee:
              mgrigorov Martin Grigorov
              mbrictson Matt Brictson
            • Votes:
              0 Vote for this issue
              1 Start watching this issue


              • Created: