Issue with welcome-file and JAAS form based authentication
alain_fr Nov 11, 2019 9:36 AMHi,
I would like some help on an issue I am facing in migrating an application from Jboss AS 7 to WildFly 10 (same problem as well in WildFly 14).
Actually I am facing the same issue described here : [UNDERTOW-348] getRequestURI returns welcome file instead of original request - JBoss Issue Tracker
Let's recap the problem. I narrowed it down to a very simple application. To explain the problem I will go in 2 steps:
- first, show a configuration that is working fine
- second, add form based authentication to reproduce the issue.
1) welcome-file
A welcome-file is configured in web.xml
<welcome-file-list>
<welcome-file>html/index.jsp</welcome-file>
</welcome-file-list>
The content of html/index.jsp is as follow:
<html>
<body>
<h2>JSP URI, URL, Context</h2>
Request Context Path: <%= request.getContextPath() %><br>
Request URI: <%= request.getRequestURI() %><br>
Request URL: <%= request.getRequestURL() %><br>
</body>
</html>
Navigating to the following url : http://localhost:8080/welcomeWeb/localhost:8080/welcome
Give:
Request Context Path: /welcome
Request URI: /welcome/
Request URL: http://localhost:8080/welcome/
It is as expected and as described in this ticket: [UNDERTOW-348] getRequestURI returns welcome file instead of original request - JBoss Issue Tracker
2) welcome-file + form based authentication
Now I protect html/index.jsp with a form based authentication:
web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>authenticated users</web-resource-name>
<url-pattern>*.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>roletest</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>ApplicationRealm</realm-name>
<form-login-config>
<form-login-page>/html/login.html</form-login-page>
</form-login-config>
</login-config>
The content of /html/login.html is:
<form action="j_security_check" method="post">
<input type="text" placeholder="Username" name="j_username">
<input type="password" placeholder="Password" name="j_password">
<input type="submit">
</form>
Navigating to the following url : http://localhost:8080/welcomeWeb/localhost:8080/welcome
Redirect to the login page, and after authentication html/index.jsp displays the following:
Request Context Path: /welcome
Request URI: /welcome/html/index.jsp
Request URL: http://localhost:8080/welcome/html/index.jsp
getRequestURI is incorrect and it breaks the application I am trying to migrate. On Jboss AS 7 there is no problem and getRequestURI returns the same value in both case (welcome-file with or without form based authentication).
For me it's a bug (behavior should be the same), and I would like your opinion about it. I can attach a sample webapp to reproduce the problem if you want.
Thank you in advance.
Regards
Alain
