0 Replies Latest reply on Nov 11, 2019 9:36 AM by alain_fr

    Issue with welcome-file and JAAS form based authentication

    alain_fr
    alain_fr Nov 11, 2019 9:36 AM

      Hi,

       

      I would like some help on an issue I am facing in migrating an application from Jboss AS 7 to WildFly 10 (same problem as well in WildFly 14).

       

      Actually I am facing the same issue described here : [UNDERTOW-348] getRequestURI returns welcome file instead of original request - JBoss Issue Tracker

       

      Let's recap the problem. I narrowed it down to a very simple application. To explain the problem I will go in 2 steps:

      - first, show a configuration that is working fine

      - second, add form based authentication to reproduce the issue.

       

      1) welcome-file

       

      A welcome-file is configured in web.xml

       

      <welcome-file-list>

      <welcome-file>html/index.jsp</welcome-file>

      </welcome-file-list>

       

      The content of html/index.jsp is  as follow:

      <html>

      <body>

      <h2>JSP URI, URL, Context</h2>

      Request Context Path: <%= request.getContextPath() %><br>

      Request URI:          <%= request.getRequestURI() %><br>

      Request URL:          <%= request.getRequestURL() %><br>

      </body>

      </html>

       

      Navigating to the following url : http://localhost:8080/welcomeWeb/localhost:8080/welcome

      Give:

      Request Context Path: /welcome

      Request URI: /welcome/

      Request URL: http://localhost:8080/welcome/

      It is as expected and as described in this ticket: [UNDERTOW-348] getRequestURI returns welcome file instead of original request - JBoss Issue Tracker

       

       

      2) welcome-file + form based authentication

       

      Now I protect html/index.jsp with a form based authentication:

       

      web.xml:

      <security-constraint>

        <web-resource-collection>

          <web-resource-name>authenticated users</web-resource-name>

          <url-pattern>*.jsp</url-pattern>

        </web-resource-collection>

        <auth-constraint>

          <role-name>roletest</role-name>

        </auth-constraint>

      </security-constraint>

       

      <login-config>

        <auth-method>FORM</auth-method>

        <realm-name>ApplicationRealm</realm-name>

        <form-login-config>

          <form-login-page>/html/login.html</form-login-page>

        </form-login-config>

      </login-config>

       

      The content of /html/login.html is:

      <form action="j_security_check" method="post">

        <input type="text" placeholder="Username" name="j_username">

        <input type="password" placeholder="Password" name="j_password">

        <input type="submit">

      </form>

       

       

      Navigating to the following url : http://localhost:8080/welcomeWeb/localhost:8080/welcome

      Redirect to the login page, and after authentication html/index.jsp displays the following:

      Request Context Path: /welcome

      Request URI: /welcome/html/index.jsp

      Request URL: http://localhost:8080/welcome/html/index.jsp

       

      getRequestURI is incorrect and it breaks the application I am trying to migrate. On Jboss AS 7 there is no problem and getRequestURI  returns the same value in both case (welcome-file with or without form based authentication).

       

       

      For me it's a bug (behavior should be the same), and I would like your opinion about it. I can attach a sample webapp to reproduce the problem if you want.

       

      Thank you in advance.

      Regards

      Alain