[jboss-jira] [JBoss JIRA] Assigned: (JBAS-5645) JBossWeb losing POST data during FORM Authentication

Anil Saldhana (JIRA) jira-events at lists.jboss.org
Thu Jun 19 00:25:37 EDT 2008


     [ http://jira.jboss.com/jira/browse/JBAS-5645?page=all ]

Anil Saldhana reassigned JBAS-5645:
-----------------------------------

    Assignee: Remy Maucherat  (was: Anil Saldhana)

==============================================
23:14:07,468 INFO  [TomcatDeployment] deploy, ctxPath=/form-auth, vfsUrl=form-auth.war
23:14:16,662 INFO  [[localhost]] REQUEST URI       =/form-auth/unsecure_form.html
23:14:16,662 INFO  [[localhost]]           authType=null
23:14:16,663 INFO  [[localhost]]  characterEncoding=null
23:14:16,663 INFO  [[localhost]]      contentLength=-1
23:14:16,663 INFO  [[localhost]]        contentType=null
23:14:16,663 INFO  [[localhost]]        contextPath=/form-auth
23:14:16,664 INFO  [[localhost]]             header=user-agent=Jakarta Commons-HttpClient/2.0final
23:14:16,664 INFO  [[localhost]]             header=host=localhost:8080
23:14:16,664 INFO  [[localhost]]             locale=en_US
23:14:16,664 INFO  [[localhost]]             method=GET
23:14:16,665 INFO  [[localhost]]           pathInfo=null
23:14:16,665 INFO  [[localhost]]           protocol=HTTP/1.1
23:14:16,665 INFO  [[localhost]]        queryString=null
23:14:16,665 INFO  [[localhost]]         remoteAddr=127.0.0.1
23:14:16,665 INFO  [[localhost]]         remoteHost=127.0.0.1
23:14:16,665 INFO  [[localhost]]         remoteUser=null
23:14:16,665 INFO  [[localhost]] requestedSessionId=null
23:14:16,665 INFO  [[localhost]]             scheme=http
23:14:16,666 INFO  [[localhost]]         serverName=localhost
23:14:16,666 INFO  [[localhost]]         serverPort=8080
23:14:16,666 INFO  [[localhost]]        servletPath=/unsecure_form.html
23:14:16,666 INFO  [[localhost]]           isSecure=false
23:14:16,666 INFO  [[localhost]] ---------------------------------------------------------------
23:14:19,942 INFO  [[localhost]] ---------------------------------------------------------------
23:14:19,943 INFO  [[localhost]]           authType=null
23:14:19,943 INFO  [[localhost]]      contentLength=650
23:14:19,943 INFO  [[localhost]]        contentType=text/html
23:14:19,944 INFO  [[localhost]]             header=X-Powered-By=Servlet 2.5; JBoss-5.0/JBossWeb-2.0/Tomcat-6.0
23:14:19,944 INFO  [[localhost]]             header=ETag=W/"650-1213810712000"
23:14:19,944 INFO  [[localhost]]             header=Last-Modified=Wed, 18 Jun 2008 17:38:32 GMT
23:14:19,945 INFO  [[localhost]]            message=null
23:14:19,945 INFO  [[localhost]]         remoteUser=null
23:14:19,945 INFO  [[localhost]]             status=200
23:14:19,945 INFO  [[localhost]] ===============================================================
23:14:19,999 INFO  [[localhost]] REQUEST URI       =/form-auth/restricted/SecuredPostServlet
23:14:20,000 INFO  [[localhost]]           authType=null
23:14:20,000 INFO  [[localhost]]  characterEncoding=null
23:14:20,000 INFO  [[localhost]]      contentLength=17
23:14:20,000 INFO  [[localhost]]        contentType=application/x-www-form-urlencoded
23:14:20,000 INFO  [[localhost]]        contextPath=/form-auth
23:14:20,000 INFO  [[localhost]]             header=user-agent=Jakarta Commons-HttpClient/2.0final
23:14:20,000 INFO  [[localhost]]             header=host=localhost:8080
23:14:20,000 INFO  [[localhost]]             header=content-length=17
23:14:20,000 INFO  [[localhost]]             header=content-type=application/x-www-form-urlencoded
23:14:20,000 INFO  [[localhost]]             locale=en_US
23:14:20,000 INFO  [[localhost]]             method=POST
23:14:20,001 INFO  [[localhost]]          parameter=checkParam=123456
23:14:20,001 INFO  [[localhost]]           pathInfo=null
23:14:20,001 INFO  [[localhost]]           protocol=HTTP/1.1
23:14:20,001 INFO  [[localhost]]        queryString=null
23:14:20,001 INFO  [[localhost]]         remoteAddr=127.0.0.1
23:14:20,001 INFO  [[localhost]]         remoteHost=127.0.0.1
23:14:20,001 INFO  [[localhost]]         remoteUser=null
23:14:20,001 INFO  [[localhost]] requestedSessionId=null
23:14:20,001 INFO  [[localhost]]             scheme=http
23:14:20,001 INFO  [[localhost]]         serverName=localhost
23:14:20,001 INFO  [[localhost]]         serverPort=8080
23:14:20,001 INFO  [[localhost]]        servletPath=/restricted/SecuredPostServlet
23:14:20,001 INFO  [[localhost]]           isSecure=false
23:14:20,002 INFO  [[localhost]] ---------------------------------------------------------------
23:17:18,473 INFO  [[localhost]] ---------------------------------------------------------------
23:17:18,473 INFO  [[localhost]]           authType=null
23:17:18,473 INFO  [[localhost]]      contentLength=711
23:17:18,473 INFO  [[localhost]]        contentType=text/html
23:17:18,473 INFO  [[localhost]]             cookie=JSESSIONID=1BF698881ED5159F6EDA8211148871B4; domain=null; path=/
23:17:18,473 INFO  [[localhost]]             header=Set-Cookie=JSESSIONID=1BF698881ED5159F6EDA8211148871B4; Path=/
23:17:18,473 INFO  [[localhost]]             header=ETag=W/"711-1213810716000"
23:17:18,473 INFO  [[localhost]]             header=Last-Modified=Wed, 18 Jun 2008 17:38:36 GMT
23:17:18,474 INFO  [[localhost]]            message=null
23:17:18,474 INFO  [[localhost]]         remoteUser=null
23:17:18,474 INFO  [[localhost]]             status=200
23:17:18,474 INFO  [[localhost]] ===============================================================
23:17:18,532 INFO  [[localhost]] REQUEST URI       =/form-auth/j_security_check
23:17:18,532 INFO  [[localhost]]           authType=null
23:17:18,533 INFO  [[localhost]]  characterEncoding=null
23:17:18,533 INFO  [[localhost]]      contentLength=35
23:17:18,533 INFO  [[localhost]]        contentType=application/x-www-form-urlencoded
23:17:18,533 INFO  [[localhost]]        contextPath=/form-auth
23:17:18,533 INFO  [[localhost]]             cookie=JSESSIONID=1BF698881ED5159F6EDA8211148871B4
23:17:18,533 INFO  [[localhost]]             header=referer=http://localhost:8080/form-auth/unsecure_form.html
23:17:18,533 INFO  [[localhost]]             header=user-agent=Jakarta Commons-HttpClient/2.0final
23:17:18,533 INFO  [[localhost]]             header=host=localhost:8080
23:17:18,533 INFO  [[localhost]]             header=cookie=$Version=0; JSESSIONID=1BF698881ED5159F6EDA8211148871B4; $Path=/
23:17:18,533 INFO  [[localhost]]             header=content-length=35
23:17:18,533 INFO  [[localhost]]             header=content-type=application/x-www-form-urlencoded
23:17:18,533 INFO  [[localhost]]             locale=en_US
23:17:18,533 INFO  [[localhost]]             method=POST
23:17:18,534 INFO  [[localhost]]          parameter=j_username=jduke
23:17:18,534 INFO  [[localhost]]          parameter=j_password=theduke
23:17:18,534 INFO  [[localhost]]           pathInfo=null
23:17:18,534 INFO  [[localhost]]           protocol=HTTP/1.1
23:17:18,534 INFO  [[localhost]]        queryString=null
23:17:18,534 INFO  [[localhost]]         remoteAddr=127.0.0.1
23:17:18,534 INFO  [[localhost]]         remoteHost=127.0.0.1
23:17:18,535 INFO  [[localhost]]         remoteUser=null
23:17:18,535 INFO  [[localhost]] requestedSessionId=1BF698881ED5159F6EDA8211148871B4
23:17:18,535 INFO  [[localhost]]             scheme=http
23:17:18,535 INFO  [[localhost]]         serverName=localhost
23:17:18,535 INFO  [[localhost]]         serverPort=8080
23:17:18,535 INFO  [[localhost]]        servletPath=/j_security_check
23:17:18,535 INFO  [[localhost]]           isSecure=false
23:17:18,535 INFO  [[localhost]] ---------------------------------------------------------------
23:18:24,796 INFO  [[localhost]] ---------------------------------------------------------------
23:18:24,796 INFO  [[localhost]]           authType=null
23:18:24,796 INFO  [[localhost]]      contentLength=-1
23:18:24,796 INFO  [[localhost]]        contentType=null
23:18:24,796 INFO  [[localhost]]             header=Location=http://localhost:8080/form-auth/restricted/SecuredPostServlet
23:18:24,797 INFO  [[localhost]]            message=null
23:18:24,797 INFO  [[localhost]]         remoteUser=null
23:18:24,797 INFO  [[localhost]]             status=302
23:18:24,797 INFO  [[localhost]] ===============================================================
23:18:24,811 INFO  [[localhost]] REQUEST URI       =/form-auth/restricted/SecuredPostServlet
23:18:24,811 INFO  [[localhost]]           authType=null
23:18:24,811 INFO  [[localhost]]  characterEncoding=null
23:18:24,811 INFO  [[localhost]]      contentLength=-1
23:18:24,811 INFO  [[localhost]]        contentType=null
23:18:24,811 INFO  [[localhost]]        contextPath=/form-auth
23:18:24,811 INFO  [[localhost]]             cookie=JSESSIONID=1BF698881ED5159F6EDA8211148871B4
23:18:24,811 INFO  [[localhost]]             header=user-agent=Jakarta Commons-HttpClient/2.0final
23:18:24,811 INFO  [[localhost]]             header=host=localhost:8080
23:18:24,811 INFO  [[localhost]]             header=cookie=$Version=0; JSESSIONID=1BF698881ED5159F6EDA8211148871B4; $Path=/
23:18:24,811 INFO  [[localhost]]             locale=en_US
23:18:24,811 INFO  [[localhost]]             method=GET
23:18:24,812 INFO  [[localhost]]           pathInfo=null
23:18:24,812 INFO  [[localhost]]           protocol=HTTP/1.1
23:18:24,812 INFO  [[localhost]]        queryString=null
23:18:24,812 INFO  [[localhost]]         remoteAddr=127.0.0.1
23:18:24,812 INFO  [[localhost]]         remoteHost=127.0.0.1
23:18:24,812 INFO  [[localhost]]         remoteUser=null
23:18:24,812 INFO  [[localhost]] requestedSessionId=1BF698881ED5159F6EDA8211148871B4
23:18:24,812 INFO  [[localhost]]             scheme=http
23:18:24,812 INFO  [[localhost]]         serverName=localhost
23:18:24,812 INFO  [[localhost]]         serverPort=8080
23:18:24,812 INFO  [[localhost]]        servletPath=/restricted/SecuredPostServlet
23:18:24,812 INFO  [[localhost]]           isSecure=false
23:18:24,812 INFO  [[localhost]] ---------------------------------------------------------------
23:22:16,006 ERROR [[SecuredPostServlet]] Servlet.service() for servlet SecuredPostServlet threw exception
javax.servlet.ServletException: Did not find checkParam=123456
	at org.jboss.test.web.servlets.SecuredPostServlet.processRequest(SecuredPostServlet.java:52)
	at org.jboss.test.web.servlets.SecuredPostServlet.doPost(SecuredPostServlet.java:73)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:183)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:189)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:90)
	at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:96)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
	at org.apache.catalina.valves.RequestDumperValve.invoke(RequestDumperValve.java:151)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:325)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:828)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
	at java.lang.Thread.run(Thread.java:595)
23:22:16,008 INFO  [[localhost]] ---------------------------------------------------------------
=============================================================================================================

The original request was POST with a parameter passed. After form auth, I see that the redirect (302) is a GET and the post data is lost.

> JBossWeb losing POST data during FORM Authentication
> ----------------------------------------------------
>
>                 Key: JBAS-5645
>                 URL: http://jira.jboss.com/jira/browse/JBAS-5645
>             Project: JBoss Application Server
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Web (Tomcat) service
>    Affects Versions: JBossAS-5.0.0.Beta4
>            Reporter: Anil Saldhana
>         Assigned To: Remy Maucherat
>             Fix For: JBossAS-5.0.0.CR1
>
>
> TestCase: org.jboss.test.web.test.FormAuthUnitTestCase
> Test: testPostDataFormAuth
> Somehow the form authenticator restore request is losing the post data that was submitted as part of the request before the form authentication kicked in.
> Remy, please validate this.
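
Added example (not part of the original message or of JBoss code): a triage helper that parses RequestDumperValve output like the dump above and reports which parameters of an intercepted POST are absent from the post-login request on the wire, so they can only reach the servlet if the form authenticator restores them from its saved request. The function names and the abbreviated sample are assumptions made for this example.

```python
import re

# Abbreviated excerpt of the dump above (most fields omitted for brevity).
SAMPLE = """\
23:14:19,999 INFO  [[localhost]] REQUEST URI       =/form-auth/restricted/SecuredPostServlet
23:14:20,000 INFO  [[localhost]]             method=POST
23:14:20,001 INFO  [[localhost]]          parameter=checkParam=123456
23:14:20,002 INFO  [[localhost]] ---------------------------------------------------------------
23:17:18,474 INFO  [[localhost]]             status=200
23:17:18,532 INFO  [[localhost]] REQUEST URI       =/form-auth/j_security_check
23:17:18,533 INFO  [[localhost]]             method=POST
23:17:18,535 INFO  [[localhost]] ---------------------------------------------------------------
23:18:24,811 INFO  [[localhost]] REQUEST URI       =/form-auth/restricted/SecuredPostServlet
23:18:24,811 INFO  [[localhost]]             method=GET
23:18:24,812 INFO  [[localhost]] ---------------------------------------------------------------
"""

LINE = re.compile(r"^\S+\s+INFO\s+\[\[[^\]]*\]\]\s+(.*)$")

def parse_requests(log):
    """Return the request sections of the dump, in order, as field -> values."""
    records, cur = [], None
    for raw in log.splitlines():
        m = LINE.match(raw)
        body = m.group(1) if m else ""    # stack traces and ERROR lines yield ""
        if body.startswith("REQUEST URI"):
            cur = {"uri": [body.split("=", 1)[1]]}
            records.append(cur)
        elif body.startswith("---"):
            cur = None                    # request section ends; response fields follow
        elif cur is not None and "=" in body:
            key, value = body.split("=", 1)
            cur.setdefault(key.strip(), []).append(value)
    return records

def restore_dependent_params(records, login_suffix="/j_security_check"):
    """Per POST replayed after a FORM login: parameters absent from the replay
    on the wire, which only the container's saved request can supply."""
    pending, logged_in, findings = {}, False, []
    for r in records:
        uri, method = r["uri"][0], r.get("method", [None])[0]
        names = {p.partition("=")[0] for p in r.get("parameter", [])}
        if uri.endswith(login_suffix):
            logged_in = logged_in or method == "POST"
        elif method == "POST" and not logged_in:
            pending[uri] = names          # may be intercepted by the login challenge
        elif logged_in and uri in pending:
            findings.append((uri, method, sorted(pending.pop(uri) - names)))
    return findings
```

Each finding is `(uri, method of the post-login request, parameters missing from it)`; a non-empty list marks a flow whose correctness depends on the authenticator's restore step.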
