0 Replies Latest reply on Nov 21, 2003 9:48 AM by ibutcher

    302 inconsistency between JBoss 2.4.4 and JBoss 3.2

    ibutcher

      Hi,

      I am assessing how much work it would be to move from my comfortable and stable 2.4 container up to 3.2 and I've found some weirdness in the web container.

      Below are two http traces (I can't seem to attach them), one from 2.4.4 (with tomcat 3.2) and the other from 3.2.0 (I've tried it with 3.2.2 and had the same results). Basically it looks like the 302 that is being sent from Jetty is broken.

      The behaviour that works in 2.4.4 and that I would expect to work in 3.2 is this:

      1. user tries to go to the URL /pds/ui and they are redirected (302) to the index.jsp.

      2. index.jsp is protected so the container sends a 302 to the login form (form based auth).

      3. browser loads the page by issuing some GETS.

      4. user enters their user id and password (POST).

      5. browser now goes to index.jsp.


      I have also put the relevant web.xml at the end of this post in case that helps.

      Any thoughts on whether I am at fault here and 2.4 was just helping me out or whether there is a problem in 3.2 would be appreciated.

      Regards,

      Ian.

      JBoss 2.4.4
      =================

      Browser --> JBoss

      GET /pds/ui HTTP/1.1
      Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*
      Accept-Language: en-us
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: localhost:8080
      Connection: Keep-Alive


      Browser <-- JBoss

      HTTP/1.0 302 Found
      Content-Type: text/html
      Location: http://localhost:8080/pds/ui/index.jsp
      Content-Length: 171
      Servlet-Engine: Tomcat Web Server/3.2.3 (JSP 1.1; Servlet 2.2; Java 1.4.2_02; Windows XP 5.1 x86; java.vendor=Sun Microsystems Inc.)

      Document moved
      <h1>Document moved</h1>
      This document has moved here.



      Browser --> JBoss

      GET /pds/ui/index.jsp HTTP/1.1
      Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*
      Accept-Language: en-us
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: localhost:8080
      Connection: Keep-Alive


      Browser <-- JBoss

      HTTP/1.0 302 Found
      Content-Type: text/html
      Location: http://localhost:8080/pds/login/login.html
      Content-Length: 175
      Set-Cookie2: JSESSIONID=vbxvruvnv1;Version=1;Discard;Path="/pds"
      Set-Cookie: JSESSIONID=vbxvruvnv1;Path=/pds
      Servlet-Engine: Tomcat Web Server/3.2.3 (JSP 1.1; Servlet 2.2; Java 1.4.2_02; Windows XP 5.1 x86; java.vendor=Sun Microsystems Inc.)

      Document moved
      <h1>Document moved</h1>
      This document has moved here.



      Browser --> JBoss

      GET /pds/login/login.html HTTP/1.1
      Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*
      Accept-Language: en-us
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: localhost:8080
      Connection: Keep-Alive
      If-Modified-Since: Thu, 16 Oct 2003 13:56:26 GMT; length=2867
      Cookie: JSESSIONID=vbxvruvnv1


      Browser <-- JBoss

      HTTP/1.0 200 OK
      Content-Type: text/html
      Content-Length: 2867
      Last-Modified: Thu, 16 Oct 02003 13:56:26 GMT
      Servlet-Engine: Tomcat Web Server/3.2.3 (JSP 1.1; Servlet 2.2; Java 1.4.2_02; Windows XP 5.1 x86; java.vendor=Sun Microsystems Inc.)


      ...
      ...


      Browser --> JBoss


      GET /pds/image/logo.gif HTTP/1.1
      Accept: */*
      Referer: http://localhost:8080/pds/login/login.html
      Accept-Language: en-us
      Accept-Encoding: gzip, deflate
      If-Modified-Since: Fri, 25 Jan 2002 15:18:56 GMT; length=2901
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: localhost:8080
      Connection: Keep-Alive
      Cookie: JSESSIONID=vbxvruvnv1

      Browser --> JBoss

      GET /pds/image/XXX.gif HTTP/1.1
      Accept: */*
      Referer: http://localhost:8080/pds/login/login.html
      Accept-Language: en-us
      Accept-Encoding: gzip, deflate
      If-Modified-Since: Thu, 13 Dec 2001 19:07:32 GMT; length=77
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: localhost:8080
      Connection: Keep-Alive
      Cookie: JSESSIONID=vbxvruvnv1


      Browser --> JBoss

      GET /pds/image/YYY.gif HTTP/1.1
      Accept: */*
      Referer: http://localhost:8080/pds/login/login.html
      Accept-Language: en-us
      Accept-Encoding: gzip, deflate
      If-Modified-Since: Thu, 13 Dec 2001 19:07:32 GMT; length=77
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: localhost:8080
      Connection: Keep-Alive
      Cookie: JSESSIONID=vbxvruvnv1


      Browser <-- JBoss

      HTTP/1.0 200 OK
      Content-Type: image/gif
      Content-Length: 2901
      Last-Modified: Fri, 25 Jan 02002 15:18:56 GMT
      Servlet-Engine: Tomcat Web Server/3.2.3 (JSP 1.1; Servlet 2.2; Java 1.4.2_02; Windows XP 5.1 x86; java.vendor=Sun Microsystems Inc.)



      Browser --> JBoss

      POST /pds/login/j_security_check HTTP/1.1
      Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*
      Referer: http://localhost:8080/pds/login/login.html
      Accept-Language: en-us
      Content-Type: application/x-www-form-urlencoded
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: localhost:8080
      Content-Length: 50
      Connection: Keep-Alive
      Cache-Control: no-cache
      Cookie: JSESSIONID=vbxvruvnv1

      j_username=XXXXXXXXX&j_password=XXXXXXXX&Submit=Submit



      JBoss 3.2.0
      ===============

      Browser --> JBoss

      GET /pds/ui HTTP/1.1
      Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*
      Accept-Language: en-us
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: localhost:8080
      Connection: Keep-Alive


      Browser <-- JBoss

      HTTP/1.1 302 Moved Temporarily
      Date: Wed, 19 Nov 2003 14:23:26 GMT
      Server: Jetty/4.2.9 (Windows XP/5.1 x86 java/1.4.2_02)
      Location: http://localhost:8080/pds/ui/
      Transfer-Encoding: chunked

      0


      Browser --> JBoss

      GET /pds/ui/ HTTP/1.1
      Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*
      Accept-Language: en-us
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: localhost:8080
      Connection: Keep-Alive


      Web.xml
      ============

      <?xml version="1.0" encoding="ISO-8859-1"?>

      <!DOCTYPE web-app
      PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
      "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">

      <web-app>

      <!-- added for jikes support in tomcat -->
      <!--
      <servlet-name>
      jsp
      </servlet-name>
      <servlet-class>
      org.apache.jasper.servlet.JspServlet
      </servlet-class>
      <init-param>
      <param-name>jspCompilerPlugin</param-name>
      <param-value>org.apache.jasper.compiler.JikesJavaCompiler</param-value>
      </init-param>
      <load-on-startup>
      -2147483646
      </load-on-startup>
      -->


      <!-- added for jikes support in tomcat -->
      <!-- <servlet-mapping>
      <servlet-name>
      jsp
      </servlet-name>
      <url-pattern>
      *.jsp
      </url-pattern>
      </servlet-mapping> -->


      <!-- ### Added JSP Support for JSP Tags -->
      <taglib>
      <taglib-uri>pgstags</taglib-uri>
      <taglib-location>/WEB-INF/lib/pgstags.jar</taglib-location>
      </taglib>

      <!-- ### Added support for Apache's xtags -->
      <taglib>
      <taglib-uri>xtags</taglib-uri>
      <taglib-location>/WEB-INF/lib/taglibs-xtags.tld</taglib-location>
      </taglib>


      <!-- ### Security NOTE As Per DTD there should only be one of these for each ROLE -->
      <security-constraint>
      <!-- ### Specify the WEB Method names that we are securing here -->
      <web-resource-collection>
      <web-resource-name>Restricted</web-resource-name>
      <description>Secure Servlets</description>
      <url-pattern>/ui/administration/*</url-pattern>
      <url-pattern>/ui/application/*</url-pattern>
      <url-pattern>/ui/buttons/*</url-pattern>
      <url-pattern>/ui/command/*</url-pattern>
      <url-pattern>/ui/device/*</url-pattern>
      <url-pattern>/ui/devicetype/*</url-pattern>
      <url-pattern>/ui/error/*</url-pattern>
      <url-pattern>/ui/iconbar/*</url-pattern>
      <url-pattern>/ui/install/*</url-pattern>
      <url-pattern>/ui/logging/*</url-pattern>
      <url-pattern>/ui/navigation/*</url-pattern>
      <url-pattern>/ui/png/*</url-pattern>
      <url-pattern>/ui/popup/*</url-pattern>
      <url-pattern>/ui/patch/*</url-pattern>
      <url-pattern>/ui/status/*</url-pattern>
      <url-pattern>/ui/user/*</url-pattern>
      <url-pattern>/ui/xml/*</url-pattern>

      <!--<url-pattern>@secure-alias@/*</url-pattern>-->
      <http-method>HEAD</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
      </web-resource-collection>

      <!-- ### Define SUPER Role as per ejb-jar descriptors
      Note cannot define multiple roles here -->
      <auth-constraint>
      <role-name>SUPER</role-name>
      <role-name>ADMIN</role-name>
      </auth-constraint>

      <!-- <user-data-constraint>

      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>-->
      </security-constraint>


      <!-- ### Security NOTE As Per DTD there should only be one of these for each ROLE -->
      <security-constraint>
      <!-- ### Specify the WEB Method names that we are securing here -->
      <web-resource-collection>
      <web-resource-name>Restricted</web-resource-name>
      <description>Secure Servlets</description>
      <url-pattern>/ui/sipxchange/*</url-pattern>
      <url-pattern>/ui/initialize/*</url-pattern>
      <url-pattern>/ui/profile/*</url-pattern>
      <url-pattern>/ui/popup/*</url-pattern>
      <url-pattern>/ui/script/*</url-pattern>
      <url-pattern>/ui/help/*</url-pattern>
      <url-pattern>/ui/xml/update_configuration_set.jsp</url-pattern>

      <url-pattern>/ui/index.jsp</url-pattern>
      <url-pattern>/ui/welcome.jsp</url-pattern>
      <url-pattern>/ui/frameset.html</url-pattern>

      <!--<url-pattern>@secure-alias@/*</url-pattern>-->
      <http-method>HEAD</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
      </web-resource-collection>

      <!-- ### Define SUPER Role as per ejb-jar descriptors
      Note cannot define multiple roles here -->
      <auth-constraint>
      <role-name>SUPER</role-name>
      <role-name>ADMIN</role-name>
      <role-name>END_USER</role-name>
      </auth-constraint>

      <!--<user-data-constraint>

      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>-->
      </security-constraint>

      <!-- ### Security for Commserver UI pages -->
      <security-constraint>
      <!-- ### Specify the WEB Method names that we are securing here -->
      <web-resource-collection>
      <web-resource-name>CommserverUI</web-resource-name>
      <description>Secure CommserverUI</description>
      <url-pattern>/commserver/*</url-pattern>

      <!--<url-pattern>@secure-alias@/*</url-pattern>-->
      <http-method>HEAD</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
      </web-resource-collection>

      <!-- ### Define SUPER Role as per ejb-jar descriptors
      Note cannot define multiple roles here -->
      <auth-constraint>
      <role-name>SUPER</role-name>
      <role-name>ADMIN</role-name>
      </auth-constraint>

      <!-- <user-data-constraint>

      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>-->
      </security-constraint>



      <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
      <form-login-page>/login/login.html</form-login-page>
      <form-error-page>/login/error.html</form-error-page>
      </form-login-config>
      </login-config>

      <security-role>
      <description>Role Requirements to call Servlets</description>
      <role-name>SUPER</role-name>
      </security-role>


      </web-app>
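
Added example, not part of the original post: Servlet-spec url-pattern matching (`/dir/*` prefix, `*.ext` extension, otherwise exact) applied to the request URIs in the two traces, to show which of them the posted security constraints cover. The patterns are copied from the web.xml above; the labels C1 to C3 and the function names are assumptions made for this example.

```python
# Added example: Servlet 2.2 url-pattern matching over the posted web.xml.
# Patterns are copied from the post; labels C1..C3 are hypothetical names
# for its three <security-constraint> blocks, in document order.
C1_DIRS = ("administration application buttons command device devicetype "
           "error iconbar install logging navigation png popup patch status "
           "user xml")
C2_DIRS = "sipxchange initialize profile popup script help"
CONSTRAINTS = {
    "C1": [f"/ui/{d}/*" for d in C1_DIRS.split()],
    "C2": [f"/ui/{d}/*" for d in C2_DIRS.split()] + [
        "/ui/xml/update_configuration_set.jsp", "/ui/index.jsp",
        "/ui/welcome.jsp", "/ui/frameset.html"],
    "C3": ["/commserver/*"],
}

def matches(pattern, path):
    """Servlet-spec matching: '/dir/*' prefix, '*.ext' extension, else exact."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return path == pattern

def covering(uri, context="/pds"):
    """Return the (constraint, pattern) pairs that match a request URI."""
    path = uri[len(context):] if uri.startswith(context + "/") else uri
    return [(label, pat) for label, pats in CONSTRAINTS.items()
            for pat in pats if matches(pat, path)]

# Request URIs taken from the two traces in the post.
TRACE_URIS = ["/pds/ui", "/pds/ui/", "/pds/ui/index.jsp",
              "/pds/login/login.html", "/pds/login/j_security_check",
              "/pds/image/logo.gif"]

if __name__ == "__main__":
    for uri in TRACE_URIS:
        hits = covering(uri)
        state = ", ".join(f"{c}:{p}" for c, p in hits) or "no constraint"
        print(f"{uri:32} {state}")
```

Only `/pds/ui/index.jsp` is matched by a constraint; `/pds/ui` and `/pds/ui/`, the target of the Jetty redirect, are matched by none. A path that no constraint matches is not subject to the container's authentication check, so what the container serves for `/ui/` itself is worth testing when migrating.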