1 Reply Latest reply on Apr 4, 2017 7:51 PM by Rodrigo Darti da Costa

    Many java.net.URISyntaxException, on Wildfly 10.1.0 Server in Production. How should I proceed?

    Rodrigo Darti da Costa Newbie

      Hello everyone!

       

      I'm running my Wildfly 10.1.0 Final server inside a Linux Server Ubuntu 16.04.2 LTS, I put the SSL from letsencrypt.org running with the H2 protocol and Spring Security 4.2.2.RELEASE in Production.

       

      The server is working fine with a very good performance and is not slow but I'm getting many bug reports in the wildfly log of java.net.URISyntaxException (Error 500).

      I am with New Relic installed on Wildfly and it is also reporting many 500 errors as well.

       

      I went to do a researched and found this bug report on Undertow: Https://issues.jboss.org/browse/UNDERTOW-592

      Apparently It looks like it was fixed in Undertow version 1.2.13.Finally I went to check and Wildfly 10.1.0 Final is currently using version 1.0.2.Final.

      (Wildfly 11 will have this new version with a fix?)

       

      But I do not only have attempts to web proxy scanners, I'm also trying some attempts by invaders trying something like:

      Http: www (...) /admin/phpmyadmin/

                               Mysqlmanager

                               Admin

                               etc...

      They always have the same stack trace:

      -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

      at java.net.URI.checkPath(URI.java:1823)

        at java.net.URI.<init>(URI.java:672)

        at io.undertow.security.handlers.SinglePortConfidentialityHandler.getRedirectURI(SinglePortConfidentialityHandler.java:51)

        at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.getRedirectURI(ServletConfidentialityConstraintHandler.java:83)

        at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:49)

        at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)

        at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)

        at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)

        at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)

        at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)

        at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)

        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

        at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)

        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

        at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)

        at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)

        at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)

        at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)

        at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)

        at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)

        at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)

        at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)

        at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)

        at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)

        at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)

        at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)

        at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)

        at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)

        at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)

        at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)

        at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)

        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

        at java.lang.Thread.run(Thread.java:745)

      -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

       

      Is there any action I can take (or code) to avoid these types of java.net.URISyntaxException errors, or at least I treat them?

      Or (And) even put some kind of security to prevents attempts from intruders?

       

      Thanks in advance for all the help.