I use org.apache.shiro.web.servlet.ShiroFilter and it redirects to login.jsp as per configuration authc.loginUrl = /login.jsp in my shiro.ini
How to get the original request URL in the login.jsp
PS:
Say my url was localhost:8080/myApp/i.html now it redirects to login.jsp
I have ExtJs app for login and after successful authentication i want to redirect back to i.html the URL user actually requested for.
You can use WebUtils class of shiro to get original request like this
WebUtils.getAndClearSavedRequest(request)
Related
I have a big problem. I'm sending a request on postman. Then, the url is redirected. I can see the redirected url in Postman console. But I can't access it from the test tab. I need to access the redirected url because the token is generated here. I can do the same operation using the regular expression extractor in JMeter. But I can't do it in Postman. How can I do this in postman? Can you help me?
enter image description here
You can turn off redirects on a specific request (toggle Automatically follow redirects):
Then you can access the Location header contents through:
pm.response.headers.get('Location')
Following that, you can hit the redirect URL via sendRequest or saving the URL in a Postman variable and using setNextRequest.
I am attempting to Login to my app with JMeter Script.
I have Cookie Manager and a Cache Manager added
My Thread Group script
GET on main login page (/app) to return session id and form fields
and cookie
POST of completed form fields with cookie (/posthandler) with "follow redirects
What happens is
POST sends initial cookie (from GET) and form fields and logs in ok
the session is established (I see a record in our app database)
the response is a redirect with a new cookie
JMeter redirects (GET) to the session url (/app?session=xxxxx)
this goes with "[no cookies]" (according to request panel)
As that request arrives without the new cookies - the app issues a second redirect back to the login page.
So is there a way to force the GET Redirect after the POST response to send the cookie?
My theory is that JMeter is that, because of the different URI path for the POST and redirect GET, JMeter is not sending the cookie.
I have tried
various Cookie Manager settings (standard, default, compatibility).
followed this Understanding and Using JMeter Cookie Manager and set check.cookies=false.
and advice SO - JMeter: Login flow involving URL redirection not working including making sure there was an init
My problem was self-inflicted !
I was running against a different environment than usual which had a different context root e.g. /test/app rather than /app. For this I amended my ${Domain} User parameter with "my.domain.com/test" rather than adjust all the Path settings.
For requests sent this approach appeared to work as the ${Domain}+${Path} resolved to the correct URL - but the Cookies created by the server were for ${Path} (as in /test/app) and JMeter was seeing this differently (as in /app).
I have now introduced a ${CtxRoot} User variable (set to /test/) and prepended this to all my Path values - and my Login is now working.
The default process when authenticating user on OpenAM/OpenSSO works with a 302 http redirection, opening OpenAM/OpenSSO authentication formular. The original URL is stored into "goto" parameter, which allows OpenAM/OpenSSO to redirect the user back on orignal URL after correct authentication.
This works well when using HTTP GET method (i.e. when entering URL), but it is not suitable for POST method. For instance, if the session expires while the user posts a HTML form, the data are lost because HTML form inputs are not present in goto parameter.
Do you know it it is possible to configure J2EE Agent in order it re-posts user HTML form after valid authentication ?
Both the Java EE and the Web agents support post data preservation, see the documentation.
I'm trying to pass some variables to my facebook app from the url, i.e. using GET variable app_data like facebook wants.
At some point I've stopped getting the ['signed_request'] part of the $_REQUEST. When I print_r($_REQUEST) I'm getting: ['doc'], ['user'], ['__utmz'], ['__utma'] and ['session'] values, but not signed request :(
Any ideas of why this might be happening?
Check the tab/canvas url is EXACTLY the same as required. If there is a redirect to another page, then signed request and other values will not be sent. You can check using a browser sniffer, if a call to the page responds with a 300 (301/302 etc) redirect, then you need to change to what it redirects to.
Examples:
https://example.com/ may need to be https://www.example.com/ (add www., or remove www. depending on how server is set up)
www.example.com/ may need to be www.example.com/index.php (add index.php, or the right page).
Check you are using http:// and https:// correctly in the URLs, and that https:// returns a valid page.
I've only been able to get the signed request in https://, i get no request at all in http.
Currently have a bug on FB, but no word on fixing it yet; http://developers.facebook.com/bugs/264505123580318?browse=search_4eb3ef23eb18d6649415729
EDIT:
http://SITE.com was redirecting to http://www.SITE.com, so I was loosing the request variables.
Had a similar issue, for me it was as simple as a mismatch of the app id and app secret! However in facebook developers backend I have noticed that the URLs all need to have that trailing slash!
Some browsers do redirect your request to https automatically if you have been on this particular site on https so if you are in http mode on facebook there is situation:
facebook requests http version of your app, browser redirect this request of facebook to https and POST data and thus signer_request are gone in this process...
i see this problem in chrome 23, if you delete browsin data (particulary Deauthorize content licenses) app should run back on http
Before form is submit it go through session checking and if session was timeout it will redirect to login page. This is where the problem occur because it is ajax form submit so failure: handle this, but what extjs return to separate redirect from other kind of error ?
If your session is timed out, do you need the server to return a json and handle it in the failure or success handler of the ajax request?
But if your session has expired, you need to redirect the user to your login page. In that case, you need not worry about what the json response would be and how ExtJS will handle it.
For a 302 error, its the web server that provides the alternate URL and not the browser. The 302 response from the Web server should always include an alternative URL to which redirection should occur. So, in your case you should redirect the user to the login page of your application.