Hi all,
JDeveloper : 11.1.1.3.0 (5660)
JHeadstart : 11.1.1.2.46
I've created a simple HR app and enabled JHeadstart/created app definition. I set both Authentication and Authorization types to "Custom" and ticked the box "Secure all pages" then generating the application.
Running the generated index.jsp sends me into an endless login/home page loop.
1. Request URL is Home.jspx
2. User not logged in so forwards to Login.jspx
3. Next pass through Authenticationfilter though is not Login.jspx but Home.jspx with query parameters
afrLoop=70307649479278&afrWindowMode=0&_afrWindowId=null
4. Once again, goes to forward to Login.jspx
5. Next pass through AuthenticationFilter request url is Login.jspx (with above parameters) so drops out the bottom of the doFilter method
6. Next pass through AuthenticationFilter request is back to Home.jspx and I've not seen the Login page ?
7. And so the loop continues endlessly
The log looks like :
Target URL -- http://127.0.0.1:7101/HR-ViewController-context-root/index.jsp
Source breakpoint occurred at line 211 of AuthenticationFilter.java.
21-Jul 15:47:02 DEBUG (AuthenticationFilter) -Requested URL: http://127.0.0.1:7101/HR-ViewController-context-root/faces/pages/Home.jspx
21-Jul 15:47:38 DEBUG (AuthenticationFilter) -User is not logged in
21-Jul 15:48:19 DEBUG (AuthenticationFilter) -Storing requestedURI http://127.0.0.1:7101/HR-ViewController-context-root/faces/pages/Home.jspx as session attribute using key jhsPreLoginUri
21-Jul 15:49:10 DEBUG (AuthenticationFilter) -Forwarding to: /faces/security/pages/Login.jspx
Source breakpoint occurred at line 211 of AuthenticationFilter.java.
21-Jul 15:52:12 DEBUG (AuthenticationFilter) -Requested URL: http://127.0.0.1:7101/HR-ViewController-context-root/faces/pages/Home.jspx
21-Jul 15:52:29 DEBUG (AuthenticationFilter) -User is not logged in
21-Jul 15:56:01 DEBUG (AuthenticationFilter) -Storing requestedURI http://127.0.0.1:7101/HR-ViewController-context-root/faces/pages/Home.jspx?_afrLoop=70307649479278&_afrWindowMode=0&_afrWindowId=null as session attribute using key jhsPreLoginUri
21-Jul 15:56:24 DEBUG (AuthenticationFilter) -Deeplink Param :_afrLoop stored in session with value:70307649479278
21-Jul 15:56:24 DEBUG (AuthenticationFilter) -Deeplink Param :_afrWindowMode stored in session with value:0
21-Jul 15:56:24 DEBUG (AuthenticationFilter) -Deeplink Param :_afrWindowId stored in session with value:null
21-Jul 15:58:28 DEBUG (AuthenticationFilter) -Forwarding to: /faces/security/pages/Login.jspx?_afrLoop=70307649479278&_afrWindowMode=0&_afrWindowId=null
Source breakpoint occurred at line 211 of AuthenticationFilter.java.
21-Jul 15:59:44 DEBUG (AuthenticationFilter) -Requested URL: http://127.0.0.1:7101/HR-ViewController-context-root/faces/security/pages/Login.jspx
21-Jul 16:00:23 DEBUG (AuthenticationFilter) -Proceeding to login URL
Source breakpoint occurred at line 211 of AuthenticationFilter.java.
21-Jul 16:01:35 DEBUG (AuthenticationFilter) -Requested URL: http://127.0.0.1:7101/HR-ViewController-context-root/faces/pages/Home.jspx
21-Jul 16:02:27 DEBUG (AuthenticationFilter) -User is not logged in
21-Jul 16:02:27 DEBUG (AuthenticationFilter) -Storing requestedURI http://127.0.0.1:7101/HR-ViewController-context-root/faces/pages/Home.jspx as session attribute using key jhsPreLoginUri
21-Jul 16:02:27 DEBUG (AuthenticationFilter) -Forwarding to: /faces/security/pages/Login.jspx
I haven't changed anything else from a brand new jheadstart def file accept for the security settings as mentioned.
What is going wrong here ?
Also, more out of curiosity then anything else I notice that the filter-mapping for the jhsAuthenticationFilter used to be "*.jspx" and is now "/faces/*" - was that necessary because of the different way the pages are constructed in 11g ?
Many thanks for your help !
Cheers,
Brent