experience.vignette.com.br
TOPIC: uname and pwd being logged in webserver logs
#73
vignette_user (Visitor)

uname and pwd being logged in webserver logs 2 Years, 4 Months ago  
Hello,

In our PortalBean, the login.jsp does a POST action and uses the getFullViewURL() method to send the request to the ActionProcess.jsp. The ActionProcess.jsp has a sendRedirect call to the homepage on authentication, but we found out that somehow it writes the username and user password to the web server logs for the GET call.

Please see the LOG line below.

LOG ===> "GET /portal/site/cityshare/template.MAXIMIZE/action.display/?viewID=LoginProcess&submit.y=0&submit.x=0&username=test&userpass=apassword&beanID=854232697&fromLegacyURL=true HTTP/1.1" 302 337

Any help is appreciated to avoid logging of the username and password.

Thanks in advance.
#74
viglet (Visitor)
Junior Boarder
Posts: 25
Re:uname and pwd being logged in webserver logs 2 Years, 4 Months ago Karma: 1  
Hi,

The correct way is to change your code and put your logic into the same portlet.
But there is a solution to your case. Insert the line below, to convert GET request to POST request:
InputStream is = new URL( "/portal/site/cityshare/template.MAXIMIZE/action.display/?viewID=LoginProcess&submit.y=0&submit.x=0&username=test&userpass=apassword&beanID=854232697&fromLegacyURL=true" ).openStream();

More information: http://www.devx.com/Java/Article/17679/1954

Regards,
Viglet Team.
#75
vignette_user (Visitor)

Re:uname and pwd being logged in webserver logs 2 Years, 4 Months ago  
Thanks for the reply.

All the code is in the same portlet itself.

The login.jsp has a LoginProcess.java class that has the logic of authenticating and redirecting to home page on authentication.

The code in the JSP is like:

String secureURL = "https://" + RequestUtilities.getServerName(request) + "/portal/site/" + RequestUtilities.getCurrentSiteName(request) + "/" + view.getBean().getFullViewURL("LoginProcess");

......

The view in the .pbd file is defined as



I see the following 5 lines in the webserver logs when I log in thru the portlet in the site

---------------------------------------------------------------------------

[30/Apr/2008:09:44:03 -0400] "POST /portal/site/cityshare/index.jsp?epi-content=GENERIC&epi-process=generic_process.jsp&beanID=854232697&viewID=LoginProcess HTTP/1.1" 302 625

[30/Apr/2008:09:44:04 -0400] "GET /portal/site/cityshare/template.MAXIMIZE/action.display/?viewID=LoginProcess&submit.y=0&submit.x=0&username=pwu&userpass=change4me&beanID=854232697&fromLegacyURL=true HTTP/1.1" 302 405

[30/Apr/2008:09:44:04 -0400] "GET /portal/css/templates/template0002/t0002_style_0004/_style_-css.variables.jsp/blue_horizontal_dhtml011897135831401189702366554.css HTTP/1.1" 404 471

[30/Apr/2008:09:44:04 -0400] "GET /portal/site/cityshare/index.jsp?epi_menuItemID=5f0dd5e1cee52913b7671310e05789a0 HTTP/1.1" 200 139380

[30/Apr/2008:09:44:05 -0400] "GET /portal/site/cityshare/index.jsp?epi_menuItemID=5f0dd5e1cee52913b7671310e05789a0 HTTP/1.1" 200 28504

---------------------------------------------------------------------------


- The first POST is the one sent from the login.jsp on button click
- I think that the last two GET requests are generated because of the sendRedirect call in my Java class, as you can see the epi_menuItemID appended, since in the code the call looks like this:

String cityshare_home_menuitem = "?epi_menuItemID=5f0dd5e1cee52913b7671310e05789a0";
getPortalPageContext().sendRedirect(getBean().getFullViewURL("MY_PORTAL_VIEW")+cityshare_home_menuitem);

- The two GETs that are in between must be coming from somewhere else.
- Since the second GET does not have the menuitemID appended to it, it cannot be a call from the sendRedirect method that we have, right?

When you set cookies or sessions, are GET calls made?

Can you tell me when the template.MAXIMIZE call is made?

Do you think that something internally is triggering this GET request?

One thing: I also tried changing the IS_NAVIGATION_ROOT to false for the "MY_PORTAL_VIEW" in the .pbd file so that it treats everything as a POST request. Not sure if that is right, but that didn't solve the problem.
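Added example, not part of the thread and not Vignette code: a Python scan over access-log lines in the format posted above that flags any request whose query string carries a password-like parameter and produces a redacted copy of the log. The list of sensitive parameter names (beyond `userpass`, which appears in the thread) and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumption: names treated as secrets. "userpass" is the parameter seen in the thread.
SENSITIVE = {"userpass", "password", "passwd", "pwd", "pass", "secret", "token"}
REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def scan_line(line):
    """Return (finding, redacted_line); finding is None if no secret is in the URL."""
    m = REQUEST_RE.search(line)
    if not m:
        return None, line
    parts = urlsplit(m.group("target"))
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    hits = [k for k, v in pairs if k.lower() in SENSITIVE and v]
    if not hits:
        return None, line
    # Rebuild the query with secret values masked, leaving other parameters intact.
    clean = urlencode([(k, "REDACTED" if k.lower() in SENSITIVE else v)
                       for k, v in pairs])
    target = parts._replace(query=clean).geturl()
    redacted = line[:m.start("target")] + target + line[m.end("target"):]
    finding = {"method": m.group("method"), "path": parts.path,
               "status": int(m.group("status")), "params": hits}
    return finding, redacted

def scan_log(lines):
    """Scan every line; return (findings, redacted_lines) in input order."""
    findings, out = [], []
    for line in lines:
        finding, redacted = scan_line(line)
        if finding:
            findings.append(finding)
        out.append(redacted)
    return findings, out

# Constructed sample lines modelled on the log format in the thread.
SAMPLE_LOG = [
    '[01/Jan/2024:10:00:00 +0000] "POST /portal/site/demo/index.jsp?beanID=1&viewID=LoginProcess HTTP/1.1" 302 625',
    '[01/Jan/2024:10:00:01 +0000] "GET /portal/site/demo/template.MAXIMIZE/action.display/?viewID=LoginProcess&username=alice&userpass=constructed-pw&beanID=1 HTTP/1.1" 302 405',
    '[01/Jan/2024:10:00:02 +0000] "GET /portal/site/demo/index.jsp?epi_menuItemID=abc HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    found, cleaned = scan_log(SAMPLE_LOG)
    for f in found:
        print("credential in URL:", f)
    print("\n".join(cleaned))
```

A finding on a GET that directly follows a login POST, as in the thread's log, means the form fields were carried into a redirect URL; passwords already written to existing logs should be treated as exposed and rotated.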