Bug #37377

Internal Request Engine needs to clear security context

Added by Aske Ertmann about 3 years ago. Updated about 3 years ago.

Status: Resolved
Start date: 2012-05-21
Priority: Must have
Due date:
Assigned To: -
% Done: 100%
Category: Http
Target version: TYPO3 Flow Base Distribution - 2.0 beta 1
PHP Version: 5.3
Complexity:
Has patch: No
Affected Flow version: Git master

Description

In order to get the security tokens matching the new request created in the internal request engine, the security context should be cleared using the "clearContext" method. This means that the tokens will be matched with the configuration from the routing based on the new request and not the parent request.

This breaks "TYPO3\TYPO3\Tests\Functional\Controller\Backend\BackendControllerSecurityTest::indexActionIsDeniedForEverybody", because it throws an uncaught exception in the AuthenticationProviderManager, since no tokens are available when trying to authenticate. The reason why there aren't any tokens is that the tokens are separated into active/inactive when initializing the security context. When clearing the context, the separate method is called again with the correct controller object names, allowing request pattern matching.
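
A simplified model of the behaviour described above, added here as an illustration and not taken from Flow or from the patch. Only the method name clearContext comes from the report; the class ModelSecurityContext, its other methods, the token name, the request pattern and the Acme\Site controller names are assumptions constructed for the example.

```php
<?php
// Simplified model for illustration. Everything except the method name
// clearContext() is an assumption and not Flow's actual API.
class ModelSecurityContext {
    private $request;                 // controller object name of the current request
    private $tokens;                  // token name => request pattern (regex on controller name)
    private $activeTokens = array();
    private $initialized = false;

    public function __construct(array $tokens) { $this->tokens = $tokens; }

    public function setRequest($controllerObjectName) { $this->request = $controllerObjectName; }

    // Tokens are separated into active/inactive once, on first use.
    private function initialize() {
        $this->activeTokens = array();
        foreach ($this->tokens as $name => $pattern) {
            if (preg_match($pattern, $this->request) === 1) {
                $this->activeTokens[] = $name;
            }
        }
        $this->initialized = true;
    }

    public function getActiveTokens() {
        if (!$this->initialized) { $this->initialize(); }
        return $this->activeTokens;
    }

    // Forces the next access to repeat the separation against the current request.
    public function clearContext() { $this->initialized = false; }
}

// Constructed sample: one token whose request pattern only matches backend controllers.
$context = new ModelSecurityContext(array(
    'BackendToken' => '/\\\\Backend\\\\.*Controller$/',
));

// Parent request: the separation runs here and is remembered.
$context->setRequest('Acme\Site\Controller\FrontendController');
$parent = $context->getActiveTokens();

// Internal sub-request without clearing: the parent's separation is reused.
$context->setRequest('Acme\Site\Controller\Backend\BackendController');
$stale = $context->getActiveTokens();

// After clearContext() the separation is repeated for the sub-request's controller.
$context->clearContext();
$fresh = $context->getActiveTokens();

var_dump($parent, $stale, $fresh);
```

In this model the stale result is the state in which the authentication step has no tokens to work with, which is the situation the report attributes to the uncaught exception.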

Associated revisions

Revision f67078cb
Added by Aske Ertmann about 3 years ago

[BUGFIX] Internal Request Engine needs to clear security context

In order to get the security tokens matching the new request created
in the internal request engine, the security context should be cleared
using the "clearContext" method. This means that the tokens will be
matched with the configuration from the routing based on the new request
and not the parent request.

This patch also contains a small enhancement which adds two additional
headers to the virtual browser's response containing the code and message
of a possible exception.

Change-Id: I72b1c22e832fc02d7cf76c1467fa0eb09b491b66
Fixes: #37377
Releases: 1.1, 1.2

Revision ec512124
Added by Aske Ertmann about 3 years ago

[BUGFIX] Internal Request Engine needs to clear security context

In order to get the security tokens matching the new request created
in the internal request engine, the security context should be cleared
using the "clearContext" method. This means that the tokens will be
matched with the configuration from the routing based on the new request
and not the parent request.

This patch also contains a small enhancement which adds two additional
headers to the virtual browser's response containing the code and message
of a possible exception.

Change-Id: I72b1c22e832fc02d7cf76c1467fa0eb09b491b66
Fixes: #37377
Releases: 1.1, 1.2

History

#1 Updated by Gerrit Code Review about 3 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/11390

#2 Updated by Gerrit Code Review about 3 years ago

Patch set 2 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/11390

#3 Updated by Gerrit Code Review about 3 years ago

Patch set 3 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/11390

#4 Updated by Gerrit Code Review about 3 years ago

Patch set 4 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/11390

#5 Updated by Gerrit Code Review about 3 years ago

Patch set 5 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/11390

#6 Updated by Gerrit Code Review about 3 years ago

Patch set 6 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/11390

#7 Updated by Anonymous about 3 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#8 Updated by Gerrit Code Review about 3 years ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch FLOW3-1.1 has been pushed to the review server.
It is available at http://review.typo3.org/12115

#9 Updated by Anonymous about 3 years ago

  • Status changed from Under Review to Resolved
