#561 ✓resolved

Secure redirectToOriginalURL() flash.keep("url") failure

Reported by sebrichards | January 26th, 2011 @ 01:25 AM | in 1.3 (closed)

Framework version: 1.1.1
Platform you're using: OS X / Windows

Reproduction steps:

  • Navigate to a controller using @With(Secure.class)

  • Log in (assume using default Security implementation with 'true' returned from authenticate())

  • You're returned to '/', rather that the original request URL


(All within Secure.java inside the Secure module)

The initial use of flash.put("url", ...) in checkAccess(), along with subsequent uses of flash.keep("url") fail to achieve the desired (?) effect once credentials have been submitted from the form in login.html.

It appears that the call to flash.keep("url") in login() isn't persisting the desired value to the next request, as once the form data arrives at the authenticate() method the flash value has gone. Not sure where it's getting lost, but once the call chain reaches redirectToOriginalURL() and flash.get("url") is called, the value is long gone.

My obvious quick fix has been to use the session as opposed to the flash - but given my perceived intention of the existing code, I'm guessing that this is a bug.
Quite why the flash.keep() isn't working isn't clear to me, and I may have got the wrong end of the stick.

There has been mention of this in the group discussion, see:

Comments and changes to this ticket

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2>Play framework</h2>

Play makes it easier to build Web applications with Java. It is a clean alternative to bloated Enterprise Java stacks. It focuses on developer productivity and targets RESTful architectures. Learn more on the <a href="http://www.playframework.org">http://www.playframework.org</a> website.<br><br>

<h2>Source code is hosted on github</h2>Check out our repository at <a href="http://github.com/playframework/play">http://github.com/playframework/play</a><br><br>

<h2>Contributing, creating a patch</h2> Please read the <a href="http://play.lighthouseapp.com/projects/57987/contributor-guide">contributor guide</a><br><br>

<h2>Reporting Security Vulnerabilities</h2> Since all bug reports are public, please report any security vulnerability directly to <em>guillaume dot bort at gmail dot com</em>.<br><br>

<h2>Creating a bug report</h2> Bug reports are incredibly helpful, so take time to report bugs and request features in our ticket tracker. We’re always grateful for patches to Play’s code. Indeed, bug reports with attached patches will get fixed far quickly than those without any.<br><br>

Please include as much relevant information as possible including the exact framework version you're using and a code snippet that reproduces the problem.<br><br>

Don't have too much expectations. Unless the bug is really a serious "everything is broken" thing, you're creating a ticket to start a discussion. Having a patch (or a branch on Github we can pull from) is better, but then again we'll only pull high quality branches that make sense to be in the core of Play.