[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3274) HTTPS LInks Contain Wrong Port

Arron Ferguson (JIRA) jira-events at lists.jboss.org
Sun Aug 17 19:07:58 EDT 2008


HTTPS LInks Contain Wrong Port
------------------------------

                 Key: JBSEAM-3274
                 URL: https://jira.jboss.org/jira/browse/JBSEAM-3274
             Project: Seam
          Issue Type: Bug
          Components: Core
    Affects Versions: 2.0.3.CR1, 2.0.2.SP1
         Environment: Ubuntu 7.10, Tomcat 6.0, Seam 2.0.2/2.0.3
            Reporter: Arron Ferguson
            Priority: Blocker


As per what Shane Bryzak suggested in this thread (Shane suggested that I assign it to him but I couldn't find that feature in this web form):

http://www.seamframework.org/Community/SeamAndHTTPS

I am submitting this bug report.

Using Seam 2.0.2/2.0.3 with Tomcat 6, if you have pages in your web app that switch between different protocols (i.e., between HTTP and HTTPS), the Seam links are not using the correct port. This bug is reproducible 100% of the time. In order to reproduce, have Tomcat 6 running (you don't need a DB) and ensure that Tomcat 6 has the following lib in its $CATALINA_HOME/lib folder: el-api.jar

The application must contain the following libs in it's class path as well:
antlr.jar
asm.jar
cglib.jar
commons-beanutils.jar
commons-codec-1.3.jar
commons-collections.jar
commons-digester.jar
commons-lang.jar
commons-logging.jar
dom4j.jar
ejb-api.jar
javassist.jar
jboss-archive-browsing.jar
jboss-el.jar
jboss-seam-debug.jar
jboss-seam-ioc.jar
jboss-seam.jar
jboss-seam-ui.jar
jsf-api.jar
jsf-facelets.jar
jsf-impl.jar
jstl.jar
jta.jar
lucene-core.jar
persistence-api.jar
spring.jar

Your Tomcat server.xml file (found in $CATALINA_HOME/conf folder) should uncomment the following:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

Don't worry about the fact that you're not specifying the keystore, if you've set up the keystore, Tomcat 6 will find it (new feature, saves typing). Having said that, you'll need to have set up the keystore (set up on your OS which is pretty brainless on either Windows or Linux) for Tomcat as per the following guide from Apache:

http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

Don't worry, it's a pretty easy-to-follow set of steps creating a keystore (should take no longer than five minutes - especially if you use the default values that the quick tutorial says to use). Your pages.xml file looks like this (copy/paste):

<?xml version="1.0" encoding="UTF-8"?>
<pages xmlns="http://jboss.com/products/seam/pages"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.0.xsd"
       http-port="8080" https-port="8443"
       no-conversation-view-id="/index.xhtml"
                 login-view-id="/index.xhtml">
  <page view-id="*" scheme="http" />
  <page view-id="/register.xhtml" scheme="https"/>
</pages>

Also, make sure you do NOT specify any sort of security constraints in your web.xml file since we are already specifying protocol choices in the above pages.xml file (I found this out the hard way).

Create a Facelets template as (copy/paste):
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
          "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:ui="http://java.sun.com/jsf/facelets">

  <head>
    <title>Test HTTP and HTTPS Pages</title>
  </head>
  <body>
    <ui:insert name="body"><div>Hello Facelets</div></ui:insert>
  </body>
</html>

Based on the template, create two pages. The first page is the index page which uses the default HTTP and so port 8080 from Tomcat default port  (copy/paste):

<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
                      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:ui="http://java.sun.com/jsf/facelets"
      xmlns:s="http://jboss.com/products/seam/taglib" >
  <body>
    <ui:composition template="./template.xhtml">
      <ui:define name="body">
        <p>This page is http://localhost:8080/test/index.html</p>
        <s:link view="/register.xhtml" value="register"/>
        <p>Here's a Seam s:link to the register page:</p>
        <p>Here's a regular HTML anchor to the register page: <a href="./register.html">register</a></p>
      </ui:define> 
    </ui:composition>
  </body>
</html>

Next is the register page which is using SSL (and so port 8443 in Tomcat 6 by default, copy/paste):

<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
                      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:ui="http://java.sun.com/jsf/facelets"
      xmlns:s="http://jboss.com/products/seam/taglib" >
  <body>
    <ui:composition template="./template.xhtml">
      <ui:define name="body">
        <p>This page is defined as an HTTPS page (i.e., using SSL) within the pages.xml file and thus under Seam 2.0.3 under Tomcat 6 is actually at: https://localhost:8443/test/register.html</p>
        <p>Go back to the index.html page which is not using SSL (so at port 8080):</p>
        <s:link view="/index.xhtml" value="index"/>
        <p>Here's a Seam s:link to the index page:</p>
        <p>Here's a regular HTML anchor to the index page: <a href="./index.html">index</a></p>
      </ui:define> 
    </ui:composition>
  </body>
</html>

Once you start up Tomcat 6 and deploy your web app, if you type the URL of your index.html file you should see the page rendered. Check the source of that page (the index.html page) and take a look at Seam's s:link URL. It is:

https://localhost:8080/test/register.html?conversationId=1

Assuming it's the first conversation started (otherwise the conversation id will be n). Notice the wrong protocol (8080). It should be 8443 due to what we specified in the pages.xml file. 

This appears to be a bug - in the very least seam link elements should be able to specify the correct protocol if the pages.xml file states a particular protocol for a particular page.

Let me know if you have any other questions, I will provide code, confirmation files as requested.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        



More information about the seam-issues mailing list