1 Reply Latest reply on Mar 1, 2012 4:21 PM by Tanya Ruttenberg

    Toolkit app only accessible via IP address

    Tanya Ruttenberg Expert

      I just installed 7.1.0.Final. I'm trying to figure out how to set up security, so I deployed the jboss-negotiation-toolkit that I got from here https://community.jboss.org/wiki/DRAFTUsingJBossNegotiationOnAS7

       

      The toolkit is working on Basic Negotiation and the Secure Domain Test.  For some reason it is failing on Secured servlet test.  I'm trying to debug that problem, but I encountered another rproblem and that's why I'm posting here.  I'm hoping the two problems are related to each other.

      I can only access the toolkit via IP address. When I try to access it via hostname, I get "HTTP 400 Bad Request" on the browser (IE) but "No Authorization Header, sending 401" in the logfile. No other error.  Sometimes I can get the home page when I use the hostname, but without fail when I try to click through any of the links I get the same error.

      This works without fail and I can click through any of the links to the servlet mapped to the link:

      http://172.17.187.208:8080/jboss-negotiation-toolkit-mod

      This home page works sporadically, and NEVER fires the servlet when I click through.

      http://s00c208.ba.ssa.gov:8080/jboss-negotiation-toolkit-mod

      I tried setting up my server hostname as an alias to the default virtual server. From standalone.xml

              <subsystem xmlns="urn:jboss:domain:web:1.1" native="false" default-virtual-server="default-host">
                  <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
                  <virtual-server name="default-host" enable-welcome-root="true">
                      <alias name="localhost"/>
                      <alias name="example.com"/>
                      <alias name="s00c208.ba.ssa.gov"/>
                  </virtual-server>
              </subsystem>

      But this did not fix it.

       

      Ideas anyone?

       

      TDR

        • 1. Re: Toolkit app only accessible via IP address
          Tanya Ruttenberg Expert

          More information.  I snooped traffic between my PC and my app server.

           

          Here is the order of events for traffic from my PC to IP address 172.17.187.208

           

          me -> GET /jboss-negotiation-toolkit/

          as7 -> ack

          as7 -> HTTP/1.1 302 Moved Temporarily

          me -> GET /jboss-negotiation-toolkit/

          as7 -> ack

          as7 -> HTTP/1.1 304 Not Modified

           

          and the page gets delivered as it should.

           

          Here is the order of events for traffic from my PC to hostname s00c208.ba.ssa.gov

           

          me -> GET /jboss-negotiation-toolkit/

          as7 -> ack

          as7 -> HTTP/1.1 302 Moved Temporarily

          me -> [TCP segment of a reassembled PDU]   (whatever that is - it's not good)

          as7 -> ack

          me -> [TCP segment of a reassembled PDU]

          me -> [TCP segment of a reassembled PDU]

          as7 -> ack

           

          etc. Obviously not a healthy response.

           

          Does this help?

           

           

          TDR