login again right after logout caused the blank page

**bliu72** · Dec 16th, 2009, 10:33 AM

After created a new roo project (RC3), I secured the project so user has to login to access the page. This works correctly, when user is access the index.jspx page, a login page is presented to him. When user enters correct user/pass, then he is logged in. Then logout right way, a login page is presented again, then enter the correct user name and password and login again, this time, a blank page is presented to the user and user goes nowhere. The html source for the blank page is:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=windows-1252" http-equiv=Content-Type></HEAD>
<BODY></BODY></HTML>

I am using windows xp.

thanks

**bliu72** · Dec 16th, 2009, 10:43 AM

here is the console log after user second login.

Rendering view [org.springframework.web.servlet.view.tiles2.TilesV iew: name 'log
in'; URL [login]] in DispatcherServlet with name 'demoroo'
Successfully completed request
DispatcherServlet with name 'demoroo' determining Last-Modified value for [/demo
roo/app/index]
Mapping [/index] to handler 'org.springframework.web.servlet.mvc.UrlFilenameVi ew
Controller@744957c7'
Last-Modified value for [/demoroo/app/index] is: -1
DispatcherServlet with name 'demoroo' processing GET request for [/demoroo/app/i
ndex]
Returning view name 'index' for lookup path [/index]
Rendering view [org.springframework.web.servlet.view.tiles2.TilesV iew: name 'ind
ex'; URL [index]] in DispatcherServlet with name 'demoroo'
Successfully completed request

**Ben Alex** · Dec 17th, 2009, 03:41 PM

Can you please try it with Roo RC4 and let us know? Ideally recreate the project in RC4 as it extensively updates the web structure of generated applications and also the latest Spring Security version. If it still doesn't work, please run the 'backup' command and attach the resulting ZIP file here so we can give it a try. Roo should support login/logout out of the box without any issues or special configuration being required, so we'd like to get to the bottom of this issue....

**bliu72** · Dec 17th, 2009, 10:51 PM

Originally Posted by Ben Alex

Can you please try it with Roo RC4 and let us know? Ideally recreate the project in RC4 as it extensively updates the web structure of generated applications and also the latest Spring Security version. If it still doesn't work, please run the 'backup' command and attach the resulting ZIP file here so we can give it a try. Roo should support login/logout out of the box without any issues or special configuration being required, so we'd like to get to the bottom of this issue....

Hi Ben,

It is still reproducible. I have attached zip file from backup command. thanks

Also this is my configuration for security:

a) modify applicationContext-security.xml
<http auto-config="true" use-expressions="true">
<form-login login-processing-url="/static/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t"/>
<logout logout-url="/static/j_spring_security_logout"/>
<intercept-url pattern="/userroles/**" access="hasRole('ADMIN_ROLE')"/>
<intercept-url pattern="/users/**" access="hasRole('ADMIN_ROLE')"/>
<intercept-url pattern="/resources/**" access="permitAll" />
<intercept-url pattern="/static/**" access="permitAll" />
<intercept-url pattern="/login**" access="permitAll" />
<intercept-url pattern="/**" access="isAuthenticated()" />

</http>

<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="myUserDetailsService"/>
</authentication-manager>

b) modify applicationContext.xml, add
<bean id="myUserDetailsService" class="com.springsource.demoroo.security.UserDetai lsServiceImpl" />

c) create UserDetailsServiceImpl.java with content
package com.springsource.demoroo.security;

import java.util.ArrayList;
import java.util.List;

import org.springframework.dao.DataAccessException;
import org.springframework.security.core.userdetails.User Details;
import org.springframework.security.core.userdetails.User DetailsService;
import org.springframework.security.core.userdetails.User nameNotFoundException;
import org.springframework.security.core.userdetails.User ;
import org.springframework.security.core.GrantedAuthority ;
import com.springsource.demoroo.service.SecurityManager;
import com.springsource.demoroo.service.SecurityManagerIm pl;

public class UserDetailsServiceImpl implements UserDetailsService {
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
SecurityManager secMgr = new SecurityManagerImpl();
User user = secMgr.getUser(username);
return user;
}

}

d) create SecurityManager.java with content
package com.springsource.demoroo.service;

import java.io.Serializable;

import org.springframework.security.core.userdetails.User ;

public interface SecurityManager extends Serializable {
public User getUser(String userName);
}

e) create SecurityManagerImpl.java with content
package com.springsource.demoroo.service;

import java.util.ArrayList;
import java.util.List;
import java.util.Set;

import javax.persistence.PersistenceException;

import org.springframework.security.core.GrantedAuthority ;
import org.springframework.security.core.context.Security ContextHolder;
import org.springframework.security.core.userdetails.User ;

import com.springsource.demoroo.service.SecurityManager;
import com.springsource.demoroo.domain.Users;
import com.springsource.demoroo.domain.UserRoles;
import com.springsource.demoroo.service.SecurityManagerIm pl;
import org.springframework.security.core.authority.Grante dAuthorityImpl;

public class SecurityManagerImpl implements SecurityManager {
private static final long serialVersionUID = 1L;
public User getUser(String userName) {
List<GrantedAuthority> authList = new ArrayList<GrantedAuthority>();
User user = null;
Users users = null;

try {
// Cast due to http://java.sun.com/javaee/5/docs/ap...tSingleResult()
users = (Users) Users.findUsersesByUserNameEquals(userName).getSin gleResult();
Set<UserRoles> userRoles = users.getRoles();

for (UserRoles userRole : userRoles) {
authList.add(new GrantedAuthorityImpl(userRole.getRoleName()));
}

user = new User(
users.getUserName(),
users.getPassword(),
true,
true,
true,
true,
authList);
} catch (Exception ignored) {
ignored.printStackTrace();
}

return user;
}
}

**brucebaron** · Dec 19th, 2009, 12:08 PM

I'm experiencing the same issue using the wedding example. It seems to be intermittent. I can get the page displayed with the browser refresh button. I'm using firefox 3.0.15 on Ubuntu 9.04, STS 2.3.0, ROO 1.0.0-RC4. Attached is the STS project.

**bliu72** · Dec 20th, 2009, 01:05 PM

Originally Posted by brucebaron

I'm experiencing the same issue using the wedding example. It seems to be intermittent. I can get the page displayed with the browser refresh button. I'm using firefox 3.0.15 on Ubuntu 9.04, STS 2.3.0, ROO 1.0.0-RC4. Attached is the STS project.

Yes, pressing browser refresh button works, but I don't expect user has to press browser refresh button manually after login :-) Seems this is a pretty serious issue.

**Ben Alex** · Dec 22nd, 2009, 10:43 PM

We've been able to reproduce this (or at least an issue with similar or the same symptoms) and will investigate it more fully.

**Stefan Schmidt** · Dec 22nd, 2009, 11:18 PM

We just did some further tests and were only able to reproduce the blank page behaviour when using Safari under Mac OSX. Clearing the cache seems to correct the issue. Can you confirm that you are also using Safari?

Other browsers we have tested successfully were FireFox 3.5, Opera 10 and Chrome 4.

-Stefan

**kentsymanzik** · Dec 29th, 2009, 08:16 AM

I am experiencing this exact problem with Spring Security 3 RC1 using IE 6. I am not using ROO. Everything works fine in FireFox.

It appears that IE is caching a blank page but I can't figure out what is generating the blank page in the first place.

Found this thread that seems similar: http://forum.springsource.org/showthread.php?t=71590 I am using org.springframework.web.filter.DelegatingFilterPro xy, could it be that the filter is generating the blank page ?

Kent

**Andrew Swan** · Jan 31st, 2010, 11:26 PM

I can reproduce this consistently in Roo 1.0.1, as follows:

Run this script:

Code:

project --topLevelPackage oops
persistence setup --provider HIBERNATE --database HYPERSONIC_IN_MEMORY 
entity --class ~.Thing 
controller all --package ~.web
security setup

Exit Roo.

Change the intercept URLs in applicationContext-security.xml to read:

Code:

<intercept-url pattern="/thing/**" access="hasRole('ROLE_ADMIN')"/>
<intercept-url pattern="/resources/**" access="permitAll" />
<intercept-url pattern="/static/**" access="permitAll" />
<intercept-url pattern="/**" access="permitAll" />

Do a mvn jetty:run
Click the "List all Things" link; you will be prompted to log in.
Log in as admin/admin; the requested list appears.
Click the "Logout" link; the home page appears.
Click the "List all Things" link again; you will again be prompted to log in (everything up to this point is as you'd expect).
Log in as admin/admin and note that either (a) the login page is redisplayed (on Firefox) or (b) a blank page is displayed (on IE 7). Despite the wrong view being shown, you are now logged in and can navigate to any secured URLs without seeing the login page again. After the second login, you should have been taken to the "List all Things" view as you were in step 6.

There's no open JIRA issue to this effect; should I log one?

Thread: login again right after logout caused the blank page

Thread Tools

Display

login again right after logout caused the blank page

Testing Result from RC4

Refresh works

Still happening in both FF and IE 7

Posting Permissions