Still happening in both FF and IE 7
I can reproduce this consistently in Roo 1.0.1, as follows:
- Run this script:
project --topLevelPackage oops
persistence setup --provider HIBERNATE --database HYPERSONIC_IN_MEMORY
entity --class ~.Thing
controller all --package ~.web
- Exit Roo.
- Change the intercept URLs in applicationContext-security.xml to read:
<intercept-url pattern="/thing/**" access="hasRole('ROLE_ADMIN')"/>
<intercept-url pattern="/resources/**" access="permitAll" />
<intercept-url pattern="/static/**" access="permitAll" />
<intercept-url pattern="/**" access="permitAll" />
- Do a mvn jetty:run
- Click the "List all Things" link; you will be prompted to log in.
- Log in as admin/admin; the requested list appears.
- Click the "Logout" link; the home page appears.
- Click the "List all Things" link again; you will again be prompted to log in (everything up to this point is as you'd expect).
- Log in as admin/admin and note that either (a) the login page is redisplayed (on Firefox) or (b) a blank page is displayed (on IE 7). Despite the wrong view being shown, you are now logged in and can navigate to any secured URLs without seeing the login page again. After the second login, you should have been taken to the "List all Things" view as you were in step 6.
There's no open JIRA issue to this effect; should I log one?
"Now is the EJB of our discontent made glorious Spring"