January 2021 - jboss-jira - Jboss List Archives

[Red Hat JIRA] (WFCORE-5240) Add a ManagementResourceRegistration.registerSubModelIfAbsent method

by Brian Stansberry (Jira)

Brian Stansberry created WFCORE-5240: ---------------------------------------- Summary: Add a ManagementResourceRegistration.registerSubModelIfAbsent method Key: WFCORE-5240 URL: https://issues.redhat.com/browse/WFCORE-5240 Project: WildFly Core Issue Type: Enhancement Components: Management Reporter: Brian Stansberry Assignee: Brian Stansberry Subsystems, particularly datasources and resource-adapters, have code like this that's called from service start methods: https://github.com/wildfly/wildfly/blob/master/connector/src/main/java/or... This is basically trying for a quasi putIfAbsent semantic. But it's not really reliable, particularly if multiple services are doing the same thing during boot. So, add a proper putIfAbsent-type submodel registration method to ManagementResourceRegistration. -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 9 months

1
0
0 / 0

[Red Hat JIRA] (WFLY-14133) Call Timeout is not configurable on the core bridge

by Brian Stansberry (Jira)

[ https://issues.redhat.com/browse/WFLY-14133?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFLY-14133: ------------------------------------ Issue Type: Feature Request (was: Bug) > Call Timeout is not configurable on the core bridge > --------------------------------------------------- > > Key: WFLY-14133 > URL: https://issues.redhat.com/browse/WFLY-14133 > Project: WildFly > Issue Type: Feature Request > Components: JMS, Management > Affects Versions: 22.0.0.Alpha1 > Reporter: Tomas Hofman > Assignee: Tomas Hofman > Priority: Major > > Looking at the code[1], the bridge configuration doesn't allow the configurable call timeout. > [[1] https://github.com/wildfly/wildfly/blob/master/messaging-activemq/src/main/java/org/wildfly/extension/messaging/activemq/BridgeAdd.java#L134-L153|https://github.com/wildfly/wildfly/blob/master/messaging-activemq/src/main/java/org/wildfly/extension/messaging/activemq/BridgeAdd.java#L134-L153] -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 9 months

1
0
0 / 0

[Red Hat JIRA] (WFLY-14269) Wildfly 21's “allow-unescaped-characters-in-url” ignored when HTTP2 request going through Windows hosts file

by Marton Csukas (Jira)

[ https://issues.redhat.com/browse/WFLY-14269?page=com.atlassian.jira.plugi... ] Marton Csukas updated WFLY-14269: --------------------------------- Steps to Reproduce: * Have an entry in your Windows hosts file for the endpoint you are about to test, e.g.: {code:java} 127.0.0.1 myappname.company.com{code} * In standalone.xml have *allow-unescaped-characters-in-url=true* on *http-listener* and *https-listener* * In standalone.xml also have *enable-http2=true* on *http-listener* and *https-listener*** * On _Wildfly 21.0.0.Final_ send a GET request with at least one | (pipe) character in the query parameters * In latest Chrome (Version 87.0.4280.88 (Official Build) (64-bit)) or Firefox call a GET request with unencoded | (pipe) symbol in the query (e.g.: GET myappname.company.com/myAPI?someParam=customerId=1212090,caseId=1078841||...) * On Wildfly 21.0.× this will result in a ERR_HTTP2_PROTOCOL_ERROR, and a 4×× error code - with the request not even hitting the application - essentially allow-unescaped-characters-in-url is ignored * On Wildfly 20.0.× this works fine, as expected. * On Wildfly 21.0.× , when I remove *enable-http2*, or set it to false, it also works fine. If you remove the entry from the hosts file though, and the request goes through the company load balancer for myappname.company.com, the request will be successful. was: * Have an entry in your Windows hosts file for the endpoint you are about to test, e.g.: {code:java} 127.0.0.1 myappname.company.com{code} * On _Wildfly 21.0.0.Final_ send a GET request with at least one | (pipe) character in the query parameters * In latest Chrome (Version 87.0.4280.88 (Official Build) (64-bit)) or Firefox call a GET request with unencoded | (pipe) symbol in the query (e.g.: GET myappname.company.com/myAPI?someParam=customerId=1212090,caseId=1078841||...) * On Wildfly 21.0.× this will result in a ERR_HTTP2_PROTOCOL_ERROR, and a 4×× error code - with the request not even hitting the application * On Wildfly 20.0.× this works fine, as expected. * On Wildfly 21.0.× , when I remove *enable-http2*, or set it to false, it also works fine. If you remove the entry from the hosts file though, and the request goes through the company load balancer for myappname.company.com, the request will be successful. > Wildfly 21's “allow-unescaped-characters-in-url” ignored when HTTP2 request going through Windows hosts file > ------------------------------------------------------------------------------------------------------------ > > Key: WFLY-14269 > URL: https://issues.redhat.com/browse/WFLY-14269 > Project: WildFly > Issue Type: Bug > Components: Web (Undertow) > Affects Versions: 21.0.0.Final, 21.0.1.Final, 21.0.2.Final > Reporter: Marton Csukas > Assignee: Flavia Rainone > Priority: Major > > I have a _Wildfly 21.0.0.Final_ running a Spring Boot REST application and I encountered a strange behaviour with {{GET}} requests containing {{|}} (pipe) character in the query parameters. > {{|}} (pipe) character is unsafe according to the RFC1738 specification of HTTP, while RFC3986 allows for the encoding of Unicode characters. > However, Wildfly (Undertow) has an option on {{http-listener}} and {{https-listener}} entries to {{allow-unescaped-characters-in-url}}. > Full {{standalone.xml}} [here|https://gist.github.com/martoncsukas/746695... masked sensitive info. > > The application is running on {{127.0.0.1:443}}, and is exposed to the outside world as [https://myappname.company.com|https://myappname.company.com/] via a PulseSecure load balancer, where {{myappname}} is a CNAME registered on {{company.com}} DNS, pointing to the load balancers VIP. > The {{allow-unescaped-characters-in-url="true"}} bit works fine in these cases (so when the request containing {{|}} _doesn't_ go through the Windows {{hosts}} file, but goes through the load balancer). > However, when I add an entry to the Windows {{hosts}} file to bypass the load balancer, such as: > 127.0.0.1 myappname.company.com > …then the {{GET}} request containing {{|}} in its query parameter won't work - in fact it looks like it is not even hitting the server, as if Wildfly/Undertow's {{allow-unescaped-characters-in-url="true"}} setting wouldn't even be there. > Now this causes issues with our local testing. Is there any change we can make so that {{allow-unescaped-characters-in-url="true"}} would be always respected? > We know that ideally {{|}} should be encoded to {{%7D}}, but we would be interested in a solution (ideally on Wildfly level) that would make {{allow-unescaped-characters-in-url="true"}} work every time, irrespective whether the requests is going through {{hosts}} file or the load balancer. > The very strange this is that it was working fine in _Wildfly 20.0.0.Final_, even without {{allow-unescaped-characters-in-url="true"}} being in {{standalone.xml}}. > > Full request source: > {code:java} > GET /rest/v3/news/_lite?mql=customerId=1212090,caseId=1078841||caseId=null > HTTP/1.1 > Host: myappname.company.com > Connection: keep-alive > Pragma: no-cache > Cache-Control: no-cache > sec-ch-ua: "Google Chrome";v="87", " Not;A Brand";v="99", "Chromium";v="87" > Accept: application/json, text/plain, */* > Authorization: Bearer masked > sec-ch-ua-mobile: ?0 > User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 > Sec-Fetch-Site: same-origin > Sec-Fetch-Mode: cors > Sec-Fetch-Dest: empty > Referer: https://myappname.company.com/anotherPage > Accept-Encoding: gzip, deflate, br > Accept-Language: en-GB,en;q=0.9 > Cookie: JSESSIONID=masked; _ga=GA1.2.1926489359.1609961117; _gid=masked; _gat_gtag_UA_112487518_3=1{code} -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 9 months

1
0
0 / 0

[Red Hat JIRA] (WFLY-14269) Wildfly 21's “allow-unescaped-characters-in-url” ignored when HTTP2 request going through Windows hosts file

by Marton Csukas (Jira)

[ https://issues.redhat.com/browse/WFLY-14269?page=com.atlassian.jira.plugi... ] Marton Csukas updated WFLY-14269: --------------------------------- Steps to Reproduce: * Have an entry in your Windows hosts file for the endpoint you are about to test, e.g.: {code:java} 127.0.0.1 myappname.company.com{code} * On _Wildfly 21.0.0.Final_ send a GET request with at least one | (pipe) character in the query parameters * In latest Chrome (Version 87.0.4280.88 (Official Build) (64-bit)) or Firefox call a GET request with unencoded | (pipe) symbol in the query (e.g.: GET myappname.company.com/myAPI?someParam=customerId=1212090,caseId=1078841||...) * On Wildfly 21.0.× this will result in a ERR_HTTP2_PROTOCOL_ERROR, and a 4×× error code - with the request not even hitting the application * On Wildfly 20.0.× this works fine, as expected. * On Wildfly 21.0.× , when I remove *enable-http2*, or set it to false, it also works fine. If you remove the entry from the hosts file though, and the request goes through the company load balancer for myappname.company.com, the request will be successful. was: * Have an entry in your Windows hosts file for the endpoint you are about to test, e.g.: {code:java} 127.0.0.1 myappname.company.com{code} * On _Wildfly 21.0.0.Final_ send a GET request with at least one | (pipe) character in the query parameters * In latest Chrome (Version 87.0.4280.88 (Official Build) (64-bit)) or Firefox call a GET request with unencoded | (pipe) symbol in the query (e.g.: GET myappname.company.com/myAPI?someParam=customerId=1212090,caseId=1078841||...) * On Wildfly 21.0.× this will result in a ERR_HTTP2_PROTOCOL_ERROR, and a 4×× error code - with the request not even hitting the application * On Wildfly 20.0.× this works fine, as expected. If you remove the entry from the hosts file though, and the request goes through the company load balancer for myappname.company.com, the request will be successful. > Wildfly 21's “allow-unescaped-characters-in-url” ignored when HTTP2 request going through Windows hosts file > ------------------------------------------------------------------------------------------------------------ > > Key: WFLY-14269 > URL: https://issues.redhat.com/browse/WFLY-14269 > Project: WildFly > Issue Type: Bug > Components: Web (Undertow) > Affects Versions: 21.0.0.Final, 21.0.1.Final, 21.0.2.Final > Reporter: Marton Csukas > Assignee: Flavia Rainone > Priority: Major > > I have a _Wildfly 21.0.0.Final_ running a Spring Boot REST application and I encountered a strange behaviour with {{GET}} requests containing {{|}} (pipe) character in the query parameters. > {{|}} (pipe) character is unsafe according to the RFC1738 specification of HTTP, while RFC3986 allows for the encoding of Unicode characters. > However, Wildfly (Undertow) has an option on {{http-listener}} and {{https-listener}} entries to {{allow-unescaped-characters-in-url}}. > Full {{standalone.xml}} [here|https://gist.github.com/martoncsukas/746695... masked sensitive info. > > The application is running on {{127.0.0.1:443}}, and is exposed to the outside world as [https://myappname.company.com|https://myappname.company.com/] via a PulseSecure load balancer, where {{myappname}} is a CNAME registered on {{company.com}} DNS, pointing to the load balancers VIP. > The {{allow-unescaped-characters-in-url="true"}} bit works fine in these cases (so when the request containing {{|}} _doesn't_ go through the Windows {{hosts}} file, but goes through the load balancer). > However, when I add an entry to the Windows {{hosts}} file to bypass the load balancer, such as: > 127.0.0.1 myappname.company.com > …then the {{GET}} request containing {{|}} in its query parameter won't work - in fact it looks like it is not even hitting the server, as if Wildfly/Undertow's {{allow-unescaped-characters-in-url="true"}} setting wouldn't even be there. > Now this causes issues with our local testing. Is there any change we can make so that {{allow-unescaped-characters-in-url="true"}} would be always respected? > We know that ideally {{|}} should be encoded to {{%7D}}, but we would be interested in a solution (ideally on Wildfly level) that would make {{allow-unescaped-characters-in-url="true"}} work every time, irrespective whether the requests is going through {{hosts}} file or the load balancer. > The very strange this is that it was working fine in _Wildfly 20.0.0.Final_, even without {{allow-unescaped-characters-in-url="true"}} being in {{standalone.xml}}. > > Full request source: > {code:java} > GET /rest/v3/news/_lite?mql=customerId=1212090,caseId=1078841||caseId=null > HTTP/1.1 > Host: myappname.company.com > Connection: keep-alive > Pragma: no-cache > Cache-Control: no-cache > sec-ch-ua: "Google Chrome";v="87", " Not;A Brand";v="99", "Chromium";v="87" > Accept: application/json, text/plain, */* > Authorization: Bearer masked > sec-ch-ua-mobile: ?0 > User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 > Sec-Fetch-Site: same-origin > Sec-Fetch-Mode: cors > Sec-Fetch-Dest: empty > Referer: https://myappname.company.com/anotherPage > Accept-Encoding: gzip, deflate, br > Accept-Language: en-GB,en;q=0.9 > Cookie: JSESSIONID=masked; _ga=GA1.2.1926489359.1609961117; _gid=masked; _gat_gtag_UA_112487518_3=1{code} -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 9 months

1
0
0 / 0

[Red Hat JIRA] (WFLY-14270) ProtoStream proxy marshalling should not imply JBoss Modules

by Paul Ferraro (Jira)

Paul Ferraro created WFLY-14270: ----------------------------------- Summary: ProtoStream proxy marshalling should not imply JBoss Modules Key: WFLY-14270 URL: https://issues.redhat.com/browse/WFLY-14270 Project: WildFly Issue Type: Bug Components: Clustering Affects Versions: 22.0.0.Beta1 Reporter: Paul Ferraro Assignee: Paul Ferraro This is problematic for wildfly-clustering-tomcat and wildfly-clustering-spring-session, where JBoss Modules is not present. -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 9 months

1
0
0 / 0

[Red Hat JIRA] (WFLY-13164) When "corrupted" public key is supplied to server, user is not informed

by Sonia Zaldana (Jira)

[ https://issues.redhat.com/browse/WFLY-13164?page=com.atlassian.jira.plugi... ] Sonia Zaldana reassigned WFLY-13164: ------------------------------------ Assignee: Sonia Zaldana > When "corrupted" public key is supplied to server, user is not informed > ----------------------------------------------------------------------- > > Key: WFLY-13164 > URL: https://issues.redhat.com/browse/WFLY-13164 > Project: WildFly > Issue Type: Bug > Components: MP JWT > Affects Versions: 19.0.0.Beta2, 20.0.0.Beta1 > Reporter: Jan Kasik > Assignee: Sonia Zaldana > Priority: Critical > Attachments: CorruptedKeyTest.war > > > When corrupted public key (a valid key cannot be extracted from the string value) is supplied to JWT verifier, user is not informed since there is no error message in log and clients receives 401 status code in response instead of an error code of 500. -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 9 months

1
0
0 / 0

[Red Hat JIRA] (WFLY-14269) Wildfly 21's “allow-unescaped-characters-in-url” ignored when HTTP2 request going through Windows hosts file

by Marton Csukas (Jira)

[ https://issues.redhat.com/browse/WFLY-14269?page=com.atlassian.jira.plugi... ] Marton Csukas updated WFLY-14269: --------------------------------- Summary: Wildfly 21's “allow-unescaped-characters-in-url” ignored when HTTP2 request going through Windows hosts file (was: Wildfly 21's “allow-unescaped-characters-in-url” ignored when request going through Windows hosts file) > Wildfly 21's “allow-unescaped-characters-in-url” ignored when HTTP2 request going through Windows hosts file > ------------------------------------------------------------------------------------------------------------ > > Key: WFLY-14269 > URL: https://issues.redhat.com/browse/WFLY-14269 > Project: WildFly > Issue Type: Bug > Components: Web (Undertow) > Affects Versions: 21.0.0.Final, 21.0.1.Final, 21.0.2.Final > Reporter: Marton Csukas > Assignee: Flavia Rainone > Priority: Major > > I have a _Wildfly 21.0.0.Final_ running a Spring Boot REST application and I encountered a strange behaviour with {{GET}} requests containing {{|}} (pipe) character in the query parameters. > {{|}} (pipe) character is unsafe according to the RFC1738 specification of HTTP, while RFC3986 allows for the encoding of Unicode characters. > However, Wildfly (Undertow) has an option on {{http-listener}} and {{https-listener}} entries to {{allow-unescaped-characters-in-url}}. > Full {{standalone.xml}} [here|https://gist.github.com/martoncsukas/746695... masked sensitive info. > > The application is running on {{127.0.0.1:443}}, and is exposed to the outside world as [https://myappname.company.com|https://myappname.company.com/] via a PulseSecure load balancer, where {{myappname}} is a CNAME registered on {{company.com}} DNS, pointing to the load balancers VIP. > The {{allow-unescaped-characters-in-url="true"}} bit works fine in these cases (so when the request containing {{|}} _doesn't_ go through the Windows {{hosts}} file, but goes through the load balancer). > However, when I add an entry to the Windows {{hosts}} file to bypass the load balancer, such as: > 127.0.0.1 myappname.company.com > …then the {{GET}} request containing {{|}} in its query parameter won't work - in fact it looks like it is not even hitting the server, as if Wildfly/Undertow's {{allow-unescaped-characters-in-url="true"}} setting wouldn't even be there. > Now this causes issues with our local testing. Is there any change we can make so that {{allow-unescaped-characters-in-url="true"}} would be always respected? > We know that ideally {{|}} should be encoded to {{%7D}}, but we would be interested in a solution (ideally on Wildfly level) that would make {{allow-unescaped-characters-in-url="true"}} work every time, irrespective whether the requests is going through {{hosts}} file or the load balancer. > The very strange this is that it was working fine in _Wildfly 20.0.0.Final_, even without {{allow-unescaped-characters-in-url="true"}} being in {{standalone.xml}}. > > Full request source: > {code:java} > GET /rest/v3/news/_lite?mql=customerId=1212090,caseId=1078841||caseId=null > HTTP/1.1 > Host: myappname.company.com > Connection: keep-alive > Pragma: no-cache > Cache-Control: no-cache > sec-ch-ua: "Google Chrome";v="87", " Not;A Brand";v="99", "Chromium";v="87" > Accept: application/json, text/plain, */* > Authorization: Bearer masked > sec-ch-ua-mobile: ?0 > User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 > Sec-Fetch-Site: same-origin > Sec-Fetch-Mode: cors > Sec-Fetch-Dest: empty > Referer: https://myappname.company.com/anotherPage > Accept-Encoding: gzip, deflate, br > Accept-Language: en-GB,en;q=0.9 > Cookie: JSESSIONID=masked; _ga=GA1.2.1926489359.1609961117; _gid=masked; _gat_gtag_UA_112487518_3=1{code} -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 9 months

1
0
0 / 0

[Red Hat JIRA] (WFLY-14269) Wildfly 21's “allow-unescaped-characters-in-url” ignored when request going through Windows hosts file

by Marton Csukas (Jira)

[ https://issues.redhat.com/browse/WFLY-14269?page=com.atlassian.jira.plugi... ] Marton Csukas updated WFLY-14269: --------------------------------- Summary: Wildfly 21's “allow-unescaped-characters-in-url” ignored when request going through Windows hosts file (was: allow-unescaped-characters-in-url="true") > Wildfly 21's “allow-unescaped-characters-in-url” ignored when request going through Windows hosts file > ------------------------------------------------------------------------------------------------------ > > Key: WFLY-14269 > URL: https://issues.redhat.com/browse/WFLY-14269 > Project: WildFly > Issue Type: Bug > Components: Web (Undertow) > Affects Versions: 21.0.0.Final, 21.0.1.Final, 21.0.2.Final > Reporter: Marton Csukas > Assignee: Flavia Rainone > Priority: Major > > I have a _Wildfly 21.0.0.Final_ running a Spring Boot REST application and I encountered a strange behaviour with {{GET}} requests containing {{|}} (pipe) character in the query parameters. > {{|}} (pipe) character is unsafe according to the RFC1738 specification of HTTP, while RFC3986 allows for the encoding of Unicode characters. > However, Wildfly (Undertow) has an option on {{http-listener}} and {{https-listener}} entries to {{allow-unescaped-characters-in-url}}. > Full {{standalone.xml}} [here|https://gist.github.com/martoncsukas/746695... masked sensitive info. > > The application is running on {{127.0.0.1:443}}, and is exposed to the outside world as [https://myappname.company.com|https://myappname.company.com/] via a PulseSecure load balancer, where {{myappname}} is a CNAME registered on {{company.com}} DNS, pointing to the load balancers VIP. > The {{allow-unescaped-characters-in-url="true"}} bit works fine in these cases (so when the request containing {{|}} _doesn't_ go through the Windows {{hosts}} file, but goes through the load balancer). > However, when I add an entry to the Windows {{hosts}} file to bypass the load balancer, such as: > 127.0.0.1 myappname.company.com > …then the {{GET}} request containing {{|}} in its query parameter won't work - in fact it looks like it is not even hitting the server, as if Wildfly/Undertow's {{allow-unescaped-characters-in-url="true"}} setting wouldn't even be there. > Now this causes issues with our local testing. Is there any change we can make so that {{allow-unescaped-characters-in-url="true"}} would be always respected? > We know that ideally {{|}} should be encoded to {{%7D}}, but we would be interested in a solution (ideally on Wildfly level) that would make {{allow-unescaped-characters-in-url="true"}} work every time, irrespective whether the requests is going through {{hosts}} file or the load balancer. > The very strange this is that it was working fine in _Wildfly 20.0.0.Final_, even without {{allow-unescaped-characters-in-url="true"}} being in {{standalone.xml}}. > > Full request source: > {code:java} > GET /rest/v3/news/_lite?mql=customerId=1212090,caseId=1078841||caseId=null > HTTP/1.1 > Host: myappname.company.com > Connection: keep-alive > Pragma: no-cache > Cache-Control: no-cache > sec-ch-ua: "Google Chrome";v="87", " Not;A Brand";v="99", "Chromium";v="87" > Accept: application/json, text/plain, */* > Authorization: Bearer masked > sec-ch-ua-mobile: ?0 > User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 > Sec-Fetch-Site: same-origin > Sec-Fetch-Mode: cors > Sec-Fetch-Dest: empty > Referer: https://myappname.company.com/anotherPage > Accept-Encoding: gzip, deflate, br > Accept-Language: en-GB,en;q=0.9 > Cookie: JSESSIONID=masked; _ga=GA1.2.1926489359.1609961117; _gid=masked; _gat_gtag_UA_112487518_3=1{code} -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 9 months

1
0
0 / 0

[Red Hat JIRA] (WFLY-14269) allow-unescaped-characters-in-url="true"

by Marton Csukas (Jira)

[ https://issues.redhat.com/browse/WFLY-14269?page=com.atlassian.jira.plugi... ] Marton Csukas updated WFLY-14269: --------------------------------- Steps to Reproduce: * Have an entry in your Windows hosts file for the endpoint you are about to test, e.g.: {code:java} 127.0.0.1 myappname.company.com{code} * On _Wildfly 21.0.0.Final_ send a GET request with at least one | (pipe) character in the query parameters * In latest Chrome (Version 87.0.4280.88 (Official Build) (64-bit)) or Firefox call a GET request with unencoded | (pipe) symbol in the query (e.g.: GET myappname.company.com/myAPI?someParam=customerId=1212090,caseId=1078841||...) * On Wildfly 21.0.× this will result in a ERR_HTTP2_PROTOCOL_ERROR, and a 4×× error code - with the request not even hitting the application * On Wildfly 20.0.× this works fine, as expected. If you remove the entry from the hosts file though, and the request goes through the company load balancer for myappname.company.com, the request will be successful. was: * Have an entry in your Windows hosts file for the endpoint you are about to test, e.g.: ** 127.0.0.1 myappname.company.com * On _Wildfly 21.0.0.Final_ send a GET request with at least one | (pipe) character in the query parameters * In latest Chrome (Version 87.0.4280.88 (Official Build) (64-bit)) or Firefox call a GET request with unencoded | (pipe) symbol in the query (e.g.: GET myappname.company.com/myAPI?someParam=customerId=1212090,caseId=1078841||...) * On Wildfly 21.0.× this will result in a ERR_HTTP2_PROTOCOL_ERROR, and a 4×× error code - with the request not even hitting the application * On Wildfly 20.0.× this works fine, as expected. > allow-unescaped-characters-in-url="true" > ---------------------------------------- > > Key: WFLY-14269 > URL: https://issues.redhat.com/browse/WFLY-14269 > Project: WildFly > Issue Type: Bug > Components: Web (Undertow) > Affects Versions: 21.0.0.Final, 21.0.1.Final, 21.0.2.Final > Reporter: Marton Csukas > Assignee: Flavia Rainone > Priority: Major > > I have a _Wildfly 21.0.0.Final_ running a Spring Boot REST application and I encountered a strange behaviour with {{GET}} requests containing {{|}} (pipe) character in the query parameters. > {{|}} (pipe) character is unsafe according to the RFC1738 specification of HTTP, while RFC3986 allows for the encoding of Unicode characters. > However, Wildfly (Undertow) has an option on {{http-listener}} and {{https-listener}} entries to {{allow-unescaped-characters-in-url}}. > Full {{standalone.xml}} [here|https://gist.github.com/martoncsukas/746695... masked sensitive info. > > The application is running on {{127.0.0.1:443}}, and is exposed to the outside world as [https://myappname.company.com|https://myappname.company.com/] via a PulseSecure load balancer, where {{myappname}} is a CNAME registered on {{company.com}} DNS, pointing to the load balancers VIP. > The {{allow-unescaped-characters-in-url="true"}} bit works fine in these cases (so when the request containing {{|}} _doesn't_ go through the Windows {{hosts}} file, but goes through the load balancer). > However, when I add an entry to the Windows {{hosts}} file to bypass the load balancer, such as: > 127.0.0.1 myappname.company.com > …then the {{GET}} request containing {{|}} in its query parameter won't work - in fact it looks like it is not even hitting the server, as if Wildfly/Undertow's {{allow-unescaped-characters-in-url="true"}} setting wouldn't even be there. > Now this causes issues with our local testing. Is there any change we can make so that {{allow-unescaped-characters-in-url="true"}} would be always respected? > We know that ideally {{|}} should be encoded to {{%7D}}, but we would be interested in a solution (ideally on Wildfly level) that would make {{allow-unescaped-characters-in-url="true"}} work every time, irrespective whether the requests is going through {{hosts}} file or the load balancer. > The very strange this is that it was working fine in _Wildfly 20.0.0.Final_, even without {{allow-unescaped-characters-in-url="true"}} being in {{standalone.xml}}. > > Full request source: > {code:java} > GET /rest/v3/news/_lite?mql=customerId=1212090,caseId=1078841||caseId=null > HTTP/1.1 > Host: myappname.company.com > Connection: keep-alive > Pragma: no-cache > Cache-Control: no-cache > sec-ch-ua: "Google Chrome";v="87", " Not;A Brand";v="99", "Chromium";v="87" > Accept: application/json, text/plain, */* > Authorization: Bearer masked > sec-ch-ua-mobile: ?0 > User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 > Sec-Fetch-Site: same-origin > Sec-Fetch-Mode: cors > Sec-Fetch-Dest: empty > Referer: https://myappname.company.com/anotherPage > Accept-Encoding: gzip, deflate, br > Accept-Language: en-GB,en;q=0.9 > Cookie: JSESSIONID=masked; _ga=GA1.2.1926489359.1609961117; _gid=masked; _gat_gtag_UA_112487518_3=1{code} -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 9 months

1
0
0 / 0

[Red Hat JIRA] (WFLY-14269) allow-unescaped-characters-in-url="true"

by Marton Csukas (Jira)

Marton Csukas created WFLY-14269: ------------------------------------ Summary: allow-unescaped-characters-in-url="true" Key: WFLY-14269 URL: https://issues.redhat.com/browse/WFLY-14269 Project: WildFly Issue Type: Bug Components: Web (Undertow) Affects Versions: 21.0.2.Final, 21.0.1.Final, 21.0.0.Final Reporter: Marton Csukas Assignee: Flavia Rainone I have a _Wildfly 21.0.0.Final_ running a Spring Boot REST application and I encountered a strange behaviour with {{GET}} requests containing {{|}} (pipe) character in the query parameters. {{|}} (pipe) character is unsafe according to the RFC1738 specification of HTTP, while RFC3986 allows for the encoding of Unicode characters. However, Wildfly (Undertow) has an option on {{http-listener}} and {{https-listener}} entries to {{allow-unescaped-characters-in-url}}. Full {{standalone.xml}} [here|https://gist.github.com/martoncsukas/746695... masked sensitive info. The application is running on {{127.0.0.1:443}}, and is exposed to the outside world as [https://myappname.company.com|https://myappname.company.com/] via a PulseSecure load balancer, where {{myappname}} is a CNAME registered on {{company.com}} DNS, pointing to the load balancers VIP. The {{allow-unescaped-characters-in-url="true"}} bit works fine in these cases (so when the request containing {{|}} _doesn't_ go through the Windows {{hosts}} file, but goes through the load balancer). However, when I add an entry to the Windows {{hosts}} file to bypass the load balancer, such as: 127.0.0.1 myappname.company.com …then the {{GET}} request containing {{|}} in its query parameter won't work - in fact it looks like it is not even hitting the server, as if Wildfly/Undertow's {{allow-unescaped-characters-in-url="true"}} setting wouldn't even be there. Now this causes issues with our local testing. Is there any change we can make so that {{allow-unescaped-characters-in-url="true"}} would be always respected? We know that ideally {{|}} should be encoded to {{%7D}}, but we would be interested in a solution (ideally on Wildfly level) that would make {{allow-unescaped-characters-in-url="true"}} work every time, irrespective whether the requests is going through {{hosts}} file or the load balancer. The very strange this is that it was working fine in _Wildfly 20.0.0.Final_, even without {{allow-unescaped-characters-in-url="true"}} being in {{standalone.xml}}. Full request source: {code:java} GET /rest/v3/news/_lite?mql=customerId=1212090,caseId=1078841||caseId=null HTTP/1.1 Host: myappname.company.com Connection: keep-alive Pragma: no-cache Cache-Control: no-cache sec-ch-ua: "Google Chrome";v="87", " Not;A Brand";v="99", "Chromium";v="87" Accept: application/json, text/plain, */* Authorization: Bearer masked sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://myappname.company.com/anotherPage Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9 Cookie: JSESSIONID=masked; _ga=GA1.2.1926489359.1609961117; _gid=masked; _gat_gtag_UA_112487518_3=1{code} -- This message was sent by Atlassian Jira (v8.13.1#813001)

3 years, 9 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira January 2021