Uploaded image for project: 'Wicket'
  1. Wicket
  2. WICKET-4066

RestartResponseAtInterceptPageException.InterceptData is never cleared

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.5.0
    • 1.5.1
    • wicket
    • None

    Description

      RestartResponseAtInterceptPageException.InterceptData is supposed to be cleared after continueToOriginalDestination() is called. This is accomplished via RestartResponseAtInterceptPageException.MAPPER, which is registered in the SystemMapper.

      However there seems to be a serious bug here. The MAPPER always returns a compatibilityScore of 0, and thus is never actually invoked. The InterceptData is thus never cleared. Furthermore, even if the MAPPER did return a Integer.MAX_VALUE score, it would still not be invoked in many scenarios, since other mappers in the SystemMapper are registered later and therefore have higher priority.

      In practice, this can lead to very odd login behavior in Wicket applications (which is where RestartResponseAtInterceptPageException is typically used). For example, if the user clicks a "login" link they may end up on a totally unexpected page, due to stale InterceptData that is hanging around in the session.

      I am attaching a quick start that demonstrates the problem, as well as a patch the fixes the compatibilityScore and moves the MAPPER to a higher priority in the SystemMapper.

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            mgrigorov Martin Tzvetanov Grigorov
            mbrictson Matt Brictson
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment