JSESSIONID cookie path empty for root deployments
by arjan tijms
Hi,
For a root deployment, Undertow by default writes the JSESSIONID cookie
with an empty path. I.e. in the response header the following appears:
SET-COOKIE: JSESSIONID=FhgSh... path=; ...
An empty path causes browsers to set the cookie on whatever path was used
for the request URI. In effect, this causes multiple JSESSIONIDs to be
created while browsing through an app deployed to WildFly, and thus
multiple JSESSIONIDs being posted back when other paths are accessed
(leading to many issues).
The cause of this seems to be in
io.undertow.servlet.spec.ServletContextImpl#ServletContextImpl and
io.undertow.servlet.core.DeploymentManagerImpl#handleDeploymentSessionConfig,
where the cookie path is set to deploymentInfo#getContextPath, which in
both cases returns the empty string.
See:
io.undertow.servlet.spec.ServletContextImpl.ServletContextImpl(ServletContainer,
Deployment)
sessionCookieConfig = new SessionCookieConfigImpl(this);
sessionCookieConfig.setPath(deploymentInfo.getContextPath());
and:
io.undertow.servlet.core.DeploymentManagerImpl.handleDeploymentSessionConfig(DeploymentInfo,
ServletContextImpl)
if(sc.getPath() != null) {
sessionCookieConfig.setPath(sc.getPath());
} else {
sessionCookieConfig.setPath(deploymentInfo.getContextPath());
}
I'm not sure if deploymentInfo#getContextPath should indeed return the
empty string for a root deployment or not, but I think setting the cookie
path to the empty string is not really correct and should be "/" in that
case.
Kind regards,
Arjan Tijms
10 years
CAS / OAuth / OpenID / HTTP / SAML client protocol support?
by Michaël REMOND
Hi,
I currently contribute to a Java library from Jerome Leleu, able to protect
applications and delegate authentications to various identity providers. It
currently supports 5 different protocols: CAS, OAuth, OpenID, HTTP and SAML
and 18 identity providers (Facebook, Twitter, Google, Yahoo...) through a
very simple and unified API accross protocols/JVM frameworks:
https://github.com/leleuj/pac4j.
The pac4j librairies are used in various JVM frameworks with the
appropriate implementations: Spring Security, Shiro, CAS, J2E and Play.
Although the core pac4j librairies gathers "a lot of" code (300 classes,
26000 lines of source code), the implementations to specific JVM frameworks
are pretty straigtforward: from 4 classes for Spring Security to 11 classes
for Play Framework 2.x.
We are currently targeting new plateforms and especially async one; we got
an implementation from ratpack (http://www.ratpack.io/) and we discussed
also with the guys from vert.x. They gave us some ideas in order to improve
our library by becoming more "reactive".
I think that pac4j could be helpful for the Undertow community too by
bringing client multi-protocols support.
I looked at the security model from Undertow and I start to think about a
possible integration by developing a "Pac4jAuthenticationMechanism".
What do you think about such development? Are you interested in a demo app
showing how this could work? Do you have suggestions?
Thanks.
Best regards,
Michael Remond
10 years, 1 month
How to interrupt WebSocketClient.connect(...)
by Ryan Hermanson
Is there way to cancel an outstanding
WebSocketContainer.connectToServer(...) request ? A connection attempt to
an offline server blocks a very long time (minutes), and debugging would
indicate IoFuture<WebSocketChannel> seems unwilling to respect an
interrupt/cancel from the main thread.
IoFuture<WebSocketChannel> session = WebSocketClient.connect(xnioWorker,
ssl, bufferPool, OptionMap.EMPTY, path, WebSocketVersion.V13,
clientNegotiation); //TODO: fix this
WebSocketChannel channel = session.get();
10 years, 3 months
WebSocketContainer configuration
by Ryan Hermanson
I have had good luck with use of Undertow recently but now I’ve come up
against a problem. When the deployment is strictly a server (I.e. handling
inbound requests over web sockets), all is happy. Recently, there is a
need to support outbound “client” sessions. And, all is not well. I’ll be
as detailed as possible to keep the speculation of specifics to a minimum.
Thanks for your patience.
My problem is two fold. The client session needs to have associated
sslContext (presumably thru EndpointConfig instance), as well as a way to
control/configure the underlying HTTP timeouts (presumably thru
socketOptions). When I do something as simple as
ContainerProvider.getWebSocketContainer().connectToServer(annotatedClientEndpoint.class,
path)
, the client connection is established with far-end as hoped, but the
sslContext defined for our undertow instance is not employed. To add to
the headache, if the remote server is unresponsive, the connection attempt
blocks for roughly 5 minutes. Neither of these scenarios is ideal,
obviously.
ServerWebSocketContainer serverContainer = (ServerWebSocketContainer)
deployment.getDeployment()
.getServletContext().getAttribute(ServerContainer.class.getName());
serverContainer.connectToServer(annotatedClientEndpoint.class, path);
The above attempt to leverage the deployed ServerWebSocketContainer
(simpleAnnotatedServerEndpoint), successfully establishes the remote
connection, but any attempt at handling a message via @OnMessage (public
void onMessage(String msg)), yields NPE (BufferPool is null) with stack
trace of:
2014-08-21 16:03:30,978;20667;DEBUG;core.request;(XNIO-1 I/O-1);Invoking
receive listener
2014-08-21 16:03:30,978;20667;ERROR;xnio.listener;(XNIO-1
I/O-1);XNIO001007: A channel event listener threw an exception
java.lang.NullPointerException
at
io.undertow.server.protocol.framed.AbstractFramedChannel.receive(AbstractFramedChannel.java:234)
at
io.undertow.websockets.core.AbstractReceiveListener.handleEvent(AbstractReceiveListener.java:20)
at
io.undertow.websockets.core.AbstractReceiveListener.handleEvent(AbstractReceiveListener.java:15)
at
org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at
io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:632)
at
io.undertow.server.protocol.framed.AbstractFramedChannel$FrameReadListener.handleEvent(AbstractFramedChannel.java:618)
at
org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at
org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:87)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:539)
Based on description above and the relevant code snippets below, how should
I proceed in order to successfully establish outbound “client” connection
with functional xnioWorker instance, including SSL_CONTEXT and working
channels? Thank you for any suggestions.
Undertow version: 1.0.15 Final
Xnio version: 3.2.2 Final
My undertow instance:
undertow = Undertow.builder()
.addHttpListener(wsDefaultPort, WS_HOST)
.addHttpsListener(wssDefaultPort, WS_HOST,
MySSLSocketFactory.getSslContext())
.setHandler(rootPath)
.build();
undertow.start();
….
final WebSocketDeploymentInfo deployment = new
WebSocketDeploymentInfo();
try
{
final Xnio xnio = Xnio.getInstance("nio",
Undertow.class.getClassLoader());
final XnioWorker xnioWorker =
xnio.createWorker(OptionMap.builder().getMap());
deployment.setWorker(xnioWorker);
deployment.addEndpoint(simpleAnnotatedServerEndpoint.class);
….
final DeploymentManager deploymentManager =
defaultContainer().addDeployment(deployment()
.setClassLoader(classLoader)
.setContextPath(prefixPath)
.setDeploymentName(prefixPath)
.addServletContextAttribute(ATTRIBUTE_NAME, deployment));
deploymentManager.deploy();
.…
rootPath.addPrefixPath(prefixPath, deploymentManager.start());
deployments.put(prefixPath, deploymentManager);
10 years, 3 months
Retrieving request entity
by Vladimir Tsukur
One of the ways to obtain request entity is to call
HttpServerExchange.startBlocking and then read content from the
HttpServerExchange.getInputStream.
Is there a way to obtain request entity in a non-blocking way?
--
Vladimir Tsukur
Software Architect, Design Engineer and Scrum Master
10 years, 3 months
Setting/handling request timeouts
by Bill O'Neil
I have been having trouble figuring out how to set request timeouts and how
to handle them.
I have been messing around with the following.
Undertow server = Undertow.builder()
.addHttpListener(8080, "localhost")
.setSocketOption(UndertowOptions.IDLE_TIMEOUT, 1000)
.setSocketOption(Options.READ_TIMEOUT, 1000)
.setSocketOption(Options.WRITE_TIMEOUT, 1000)
When setting a HttpHandler that sleeps this will return an empty reply from
server.
curl -v localhost:8080
* Adding handle: conn: 0x7f81a900ee00
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7f81a900ee00) send_pipe: 1, recv_pipe: 0
* About to connect() to localhost port 8080 (#0)
* Trying ::1...
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.30.0
> Host: localhost:8080
> Accept: */*
>
* Empty reply from server
* Connection #0 to host localhost left intact
curl: (52) Empty reply from server
1. What is the proper way to handle time outs?
2. Is it possible to set different timeouts per HttpHandler?
Thanks,
Bill
10 years, 3 months
Sending response asynchronously to IO or worker thread
by Vladimir Tsukur
Imagine the use case when sending response does not happen from IO or
worker thread, but instead originates as a part of asynchronous event
handling in an application thread.
Below is a code snippet for a simple timer use case where response is meant
to be sent in 5 seconds after receiving a request. This solution is put
here just to illustrate the point, it does NOT work for the obvious reason
that we'll cover later:
final Undertow undertow = Undertow.builder()
.addHttpListener(9090, "localhost")
.setHandler(new HttpHandler() {
public void handleRequest(final HttpServerExchange
exchange) throws Exception {
new Timer().schedule(new TimerTask() {
public void run() {
exchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "text/plain");
exchange.getResponseSender().send("Returned in
5 seconds");
}
}, 5000);
}
}).build();
undertow.start();
This handler is implemented incorrectly because exchange will end right
after handleRequest method is called.
In order to fix this we can use dispatching (only implementation of
handleRequest method is shown):
public void handleRequest(final HttpServerExchange exchange) throws
Exception {
if (exchange.isInIoThread()) {
exchange.dispatch(new Runnable() {
public void run() {
new Timer().schedule(new TimerTask() {
public void run() {
Connectors.executeRootHandler(new HttpHandler()
{
public void
handleRequest(HttpServerExchange exchange) throws Exception {
exchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "text/plain");
exchange.getResponseSender().send("Returned in 5 seconds");
}
}, exchange);
}
}, 5000);
}
});
}
}
Please pay attention that the requirement here is not to use dumb blocking
in the work thread (like Thread.sleep(5000)) but rely on asynchronous event
handling instead.
I would appreciate if someone can answer the following questions:
- Are there any pitfalls with the working dispatch/executeRootHandler
solution mentioned above?
- Is there a simpler and more elegant way to achieve the same?
--
Vladimir Tsukur
Software Architect, Design Engineer and Scrum Master
10 years, 3 months
"unauthenticatedIndentity" in Undertow
by Wolfgang Knauf
Hi guys,
I try to sort out the "unauthenticatedIdentity" feature for JAS login
modules in WildFly 8.
To my understanding, when logging in without username/password, the
login module should fallback to this "unauthenticatedIndentity", which
can only access public content (e.g. unsecured or @PermitAll ejb methods).
But without a login, my public ejb method shows that
"this.sessionContext.getCallerPrincipal().getName()" returns
"anonymous", which is NOT the "unauthenticatedIdentity" value.
And "httpRequest.login(null, null)" will fail because of the Undertow
implementation.
How can a switch to the user name declared in the "unauthenticatedIdentity"?
Same question e.g. here: https://community.jboss.org/thread/237899
Seems I have a basic misunderstanding about this ;-), but I don't find a
clear explanation in the web...
Best regards
Wolfgang Knauf
10 years, 3 months
Build on Windows 7
by Lucas Ponce
Hi,
I am trying to build current master (Commit: ceb019c91bd5ff5f219093298be93452770c3a70 Checkstyle) on Windows 7, failing with this error:
http://pastebin.com/EP4y5pu4
Is there perhaps some specific config/flag for windows ?
I can build it in linux (Fedora 19) without issues.
Thanks,
Lucas
10 years, 3 months
Can we please have a notification scheme enabled for Undertow Jira?
by Darran Lofthouse
Can we please have a notification scheme enabling for the Undertow Jira
project so that we can receive e-mail notifications.
I would suggest just use the same one as is used for Remoting JMX, it
should be sufficient to have the notifications go to the general mailing
list and interested individuals.
Regards,
Darran Lofthouse.
10 years, 3 months
