Bug #41320 When login privileges are required please redirect to login page
Submitted: 9 Dec 2008 10:14 Modified: 29 Jan 2009 14:40
Reporter: Simon Mudd
Status: Closed
Category:Monitoring: Web Severity:S3 (Non-critical)
Version:2.0.0.7101 OS:Any
Assigned to: Josh Sled Target Version:2.0 maint release

[9 Dec 2008 10:14] Simon Mudd 
Description:
When logged in to merlin through the web interface it may be necessary to restart tomcat.
If this happens most access to the web interface still works fine. However some actions
like create user, rename server etc suddenly generate an error message requesting the
user to login.

How to repeat:
Login to web interface, restart tomcat, go and create a new web user. After entering the
user details you´ll get an error message

U0002 You must log in to access the requested resource.

Suggested fix:

1. If the user is not considered logged in redirect to the login page. Then this error
should not occur.

or

2. When this situation occurs redirect to the login page, and once the login is complete
redirect back to the original page, and complete the request.
[9 Dec 2008 10:17] Simon Mudd 
Note: Currently after you see the "you must login message" you go back to the same create
user screen, which of course you can´t complete...
[12 Dec 2008 23:12] Josh Sled 
revno: 6544
revision-id: jsled@asynchronous.org-20081212220544-xorzdcet2s387gmm
parent: andy@mysql.com-20081212211021-xg50nmowji6fdqj8
committer: Josh Sled <jsled@asynchronous.org>
branch nick: 2.0
timestamp: Fri 2008-12-12 17:05:44 -0500
message:
  Bug#41320: if the popup sees the "U0002" error message, then append a link to the login
page, retaining the current page url for post-auth redirection
[15 Dec 2008 20:57] Josh Sled 
I should note about this change:

* We do not redirect to the login page, we only add a link to the end of the message in
the popup window; the user will still need to click on the link.

* Post-login, we redirect to the base page that the user was on.  We do *not* try to
preform whatever operation they were trying to do for a few reasons (it's generally
unsafe, we don't necessarily have the same state we had before the server restart, the
operation they were trying to do might no longer make sense post-restart, &c.)
[15 Jan 2009 20:53] Marcos Palacios 
Tested OK with build 2.0.2.7131.
[29 Jan 2009 14:40] Tony Bedford 
An entry was added to the 2.0.2 changelog:

When login privileges were required the Service Manager did not redirect the user to the
login page. This resulted in error messages being displayed rather than simply
redirecting the user to the login page. This problem typically occurred if it was
necessary to restart Tomcat.