Hi,
I have an application that uses zk7 and spring security. We have integrated with CAS SSO and are having login issues when there is a slow internet connection. The user loops back to the login screen and never gets to the home page of the application even though authentication is successful. The issue is that once the user is authenticated with CAS, the user is redirected to the '/zkau' url where it is supposed to redirect to 'careWeb.zul' first, which is the landing page for the application. This is happening only when there is a slow internet connection. When there is a fast internet connection, the 'careWeb.zul' redirection happens first and then '/zkau' gets called as expected. I feel there is some race condition in how zk looks for and picks the redirection url order.
I have been struggling with this issue for a couple of months. I know what's causing the issue but have no clue how to fix it. I really appreciate your responses. Thanks!
Difficult to say what's going on there without actually seeing when and how it happens, what it does at the network and server side, etc.
In your browser's developer tools (network tab) you can trace which request(s) are sent/received and in which order (there's no need to guess). It will be written in plain text how long a request took, when/what was sent and what was received. The developer tools also allow you to simulate a slow connection (latency/bandwidth) to reproduce a certain scenario more reliably.
In my experience these types of questions/problems are unlikely to be solved in a forum, since it's almost impossible to provide all the reproducing details.
If urgent please contact [email protected] asking for dedicated support (e.g. a zoom session so we can look directly into your environment)
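Added example (not part of the thread or of ZK's code): one way to check the request order from a HAR file exported from the network tab, comparing when 'careWeb.zul' and '/zkau' are requested after the CAS callback. Treating a `ticket` query parameter as the callback marker, the `/login` path, the `/cb` path and the host name are assumptions, and the two sample captures are constructed.

```javascript
// Added example, not code from the thread. All HAR data below is constructed.
const LANDING = 'careWeb.zul'; // landing page named in the question
const ZKAU = '/zkau';          // ZK update URL named in the question

// Flatten HAR entries to the fields we compare, ordered by start time.
function timeline(har) {
  return har.log.entries.map((e) => {
    const url = new URL(e.request.url);
    return {
      t: Date.parse(e.startedDateTime),
      path: url.pathname,
      hasTicket: url.searchParams.has('ticket'), // assumption: marks the CAS callback
      status: e.response.status,
      redirect: e.response.redirectURL || '',
    };
  }).sort((a, b) => a.t - b.t);
}

// After the CAS callback: which request came first, and did any later
// response redirect to the login page? (loginHint is an assumption)
function classify(har, loginHint = '/login') {
  const tl = timeline(har);
  const after = tl.slice(tl.findIndex((r) => r.hasTicket) + 1);
  const landing = after.findIndex((r) => r.path.endsWith(LANDING));
  const zkau = after.findIndex((r) => r.path.endsWith(ZKAU));
  let order = 'unknown';
  if (zkau !== -1 && (landing === -1 || zkau < landing)) order = 'zkau-first';
  else if (landing !== -1) order = 'landing-first';
  const bounced = after.some((r) =>
    r.status >= 300 && r.status < 400 && r.redirect.includes(loginHint));
  return { order, bounced };
}

// Build a minimal HAR from [offsetMs, path, status, redirectPath] rows.
function sampleHar(rows) {
  const base = Date.parse('2021-05-11T10:00:00Z');
  const host = 'https://app.example.test';
  return { log: { entries: rows.map(([ms, path, status, to]) => ({
    startedDateTime: new Date(base + ms).toISOString(),
    request: { method: 'GET', url: host + path },
    response: { status, redirectURL: to ? host + to : '' },
  })) } };
}
const working = sampleHar([[0, '/cb?ticket=ST-x', 302, '/careWeb.zul'],
  [50, '/careWeb.zul', 200], [400, '/zkau', 200]]);
const failing = sampleHar([[0, '/cb?ticket=ST-x', 302, '/careWeb.zul'],
  [30, '/zkau', 200], [900, '/careWeb.zul', 302, '/login']]);
console.log(classify(working), classify(failing));
```

Running it over one capture taken with throttling and one without gives a side-by-side answer on ordering that can be pasted into a forum post when screenshots cannot be attached.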
Thanks for your comments. I have already simulated the issue in chrome developer tools by setting it to 'Fast 3G' and 'No throttling'. Please compare the attached screenshots of the working and non-working cases. As an FYI, we have set the '/zkau' url pattern to be allowed as 'ANONYMOUS USER' in the applicationContext.xml, if that helps at all (<security:intercept-url pattern="\A/zkau\Z" access="IS_AUTHENTICATED_ANONYMOUSLY"/>)
So in the failed case, by the time the call goes to '/tEMR', the spring security context is updated with 'ANONYMOUS USER' (as it is intercepted by the /zkau call, which flips the security context to ANONYMOUS USER), hence looping back to the login screen.
Hope this detail helps a bit further.
One question: is the dedicated support free of cost or charged?
Thanks!
Hmm... looks like I cannot upload screenshots.
It says "sorry, file uploading requires karma >100". What does this mean?
There are a few things that I currently cannot place:
Regarding the page loading order, what I would expect to see would be:
1 -> login.html page with the username and password form controls
2 -> post form to the j_spring_security_check url, perform authentication at session level, etc.
3 -> j_spring_security_check response contains a 302 redirect to the landing page
4 -> landing zul page loads scripts, etc.
From the network panel, it looks like you are already in a loaded ZK page, then post a zkau request (which goes through with result 200, since the /zkau url is allowed for anonymous users).
From there, it looks like the request to tERM is either successful (returns 200), or is redirected to yet another target.
I think this should be easier to handle in a support ticket in order to check the event order and results in a remote session.
Hi Mat,
I was busy with other projects and am finally able to take a look into this issue. Recalling the summary from our meeting, I remember you mentioned changing something in the code just to make sure that it is actually causing the issue. I know it's been a while and you might have forgotten the issue. If you remember anything and can give some hints, that would be really great. Here, I am attaching the screenshot of the code snippet where we left off. Can you confirm if this is the code that you mentioned changing and testing? Also, we looked into the 'onClientInfo' and 'onResetTimer' events and I believe 'onClientInfo' is the one that may be causing the issue. I really appreciate your help. Thanks!
Hey there hmannam,
From memory, what we found out last time was:
logging.level.org.springframework.security=DEBUG
or other relevant to your setup.
Hi Mat, I really appreciate your response. In addition to your comments, yesterday when I was debugging, I found that 'rmDesktop' gets called somewhere, which looks like it makes the SecurityContext create a brand new session. I may be wrong, but this may be an after-the-fact kind of event that happens after the user has been redirected back to the login screen. I need to figure out what is causing the 'rmDesktop' event to fire. That might help or at least lead to something. This is the code snippet that pulls the security context:
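    public static SecurityContext getSecurityContext(HttpServletRequest request) {
        // getSession(false): look up the existing session, never create one here.
        HttpSession session = request.getSession(false);
        // Debug output: the AU command name (cmd_0) and the session it arrived with.
        System.out.println("haritha id: " + request.getParameter("cmd_0") +
                " and session is " + session);
        // rmDesktop requests are resolved to an empty context instead of the session's one.
        boolean ignore = "rmDesktop".equals(request.getParameter("cmd_0"));
        return (ignore || session == null) ?
                SecurityContextHolder.createEmptyContext() :
                getSecurityContext(session, request.getParameter("dtid"));
    }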
Hi there,
The rmDesktop call is sent by the browser during "onBeforeUnload" (when the page is closed, or when navigation to a different page happens). It's a cleanup mechanism that removes the ZK desktop when the associated browser page is closing.
Based on your description, this rmDesktop is most likely sent by the first page when receiving the navigation event triggering the redirect to the login screen.
Asked: 2021-05-06 23:06:30 +0800
Seen: 32 times
Last updated: Jun 17 '21