0 Replies Latest reply on Nov 21, 2003 9:48 AM by Ian Butcher

    302 inconsistency between JBoss 2.4.4 and JBoss 3.2

    Ian Butcher Newbie

      Hi,

      I am assessing how much work it would be to move from my comfortable and stable 2.4 container up to 3.2 and I've found some weirdness in the web container.

      Below are two http traces (I can't seem to attach them), one from 2.4.4 (with tomcat 3.2) and the other from 3.2.0 (I've tried it with 3.2.2 and had the same results). Basically it looks like the 302 that is being sent from Jetty is broken.

      The behaviour that works in 2.4.4 and that I would expect to work in 3.2 is this:

      1. user tries to go to the URL /pds/ui and they are redirected (302) to the the index.jsp.

      2. index.jsp is protected so the container sends a 302 to the login form (form based auth).

      3. browser loads the page by issuing some GETS.

      4. user enter their user id and password (POST).

      5. browser now goes to index.jsp.


      I have also put the relevant web.xml at the end of this post in case that helps.

      Any thoughts on whether I am at fault here and 2.4 was just helping me out or whether there is a problem in 3.2 would be appreciated.

      Regards,

      Ian.

      JBoss 2.4.4
      =================

      Browser --> JBoss

      GET /pds/ui HTTP/1.1
      Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*
      Accept-Language: en-us
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: localhost:8080
      Connection: Keep-Alive


      Browser <-- JBoss

      HTTP/1.0 302 Found
      Content-Type: text/html
      Location: http://localhost:8080/pds/ui/index.jsp
      Content-Length: 171
      Servlet-Engine: Tomcat Web Server/3.2.3 (JSP 1.1; Servlet 2.2; Java 1.4.2_02; Windows XP 5.1 x86; java.vendor=Sun Microsystems Inc.)

      Document moved
      <h1>Document moved</h1>
      This document has moved here.



      Browser --> JBoss

      GET /pds/ui/index.jsp HTTP/1.1
      Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*
      Accept-Language: en-us
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: localhost:8080
      Connection: Keep-Alive


      Browser <-- JBoss

      HTTP/1.0 302 Found
      Content-Type: text/html
      Location: http://localhost:8080/pds/login/login.html
      Content-Length: 175
      Set-Cookie2: JSESSIONID=vbxvruvnv1;Version=1;Discard;Path="/pds"
      Set-Cookie: JSESSIONID=vbxvruvnv1;Path=/pds
      Servlet-Engine: Tomcat Web Server/3.2.3 (JSP 1.1; Servlet 2.2; Java 1.4.2_02; Windows XP 5.1 x86; java.vendor=Sun Microsystems Inc.)

      Document moved
      <h1>Document moved</h1>
      This document has moved here.



      Browser --> JBoss

      GET /pds/login/login.html HTTP/1.1
      Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*
      Accept-Language: en-us
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: localhost:8080
      Connection: Keep-Alive
      If-Modified-Since: Thu, 16 Oct 2003 13:56:26 GMT; length=2867
      Cookie: JSESSIONID=vbxvruvnv1


      Browser <-- JBoss

      HTTP/1.0 200 OK
      Content-Type: text/html
      Content-Length: 2867
      Last-Modified: Thu, 16 Oct 02003 13:56:26 GMT
      Servlet-Engine: Tomcat Web Server/3.2.3 (JSP 1.1; Servlet 2.2; Java 1.4.2_02; Windows XP 5.1 x86; java.vendor=Sun Microsystems Inc.)


      ...
      ...


      Browser --> JBoss


      GET /pds/image/logo.gif HTTP/1.1
      Accept: */*
      Referer: http://localhost:8080/pds/login/login.html
      Accept-Language: en-us
      Accept-Encoding: gzip, deflate
      If-Modified-Since: Fri, 25 Jan 2002 15:18:56 GMT; length=2901
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: localhost:8080
      Connection: Keep-Alive
      Cookie: JSESSIONID=vbxvruvnv1

      Browser --> JBoss

      GET /pds/image/XXX.gif HTTP/1.1
      Accept: */*
      Referer: http://localhost:8080/pds/login/login.html
      Accept-Language: en-us
      Accept-Encoding: gzip, deflate
      If-Modified-Since: Thu, 13 Dec 2001 19:07:32 GMT; length=77
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: localhost:8080
      Connection: Keep-Alive
      Cookie: JSESSIONID=vbxvruvnv1


      Browser --> JBoss

      GET /pds/image/YYY.gif HTTP/1.1
      Accept: */*
      Referer: http://localhost:8080/pds/login/login.html
      Accept-Language: en-us
      Accept-Encoding: gzip, deflate
      If-Modified-Since: Thu, 13 Dec 2001 19:07:32 GMT; length=77
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: localhost:8080
      Connection: Keep-Alive
      Cookie: JSESSIONID=vbxvruvnv1


      Browser <-- JBoss

      HTTP/1.0 200 OK
      Content-Type: image/gif
      Content-Length: 2901
      Last-Modified: Fri, 25 Jan 02002 15:18:56 GMT
      Servlet-Engine: Tomcat Web Server/3.2.3 (JSP 1.1; Servlet 2.2; Java 1.4.2_02; Windows XP 5.1 x86; java.vendor=Sun Microsystems Inc.)



      Browser --> JBoss

      POST /pds/login/j_security_check HTTP/1.1
      Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*
      Referer: http://localhost:8080/pds/login/login.html
      Accept-Language: en-us
      Content-Type: application/x-www-form-urlencoded
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: localhost:8080
      Content-Length: 50
      Connection: Keep-Alive
      Cache-Control: no-cache
      Cookie: JSESSIONID=vbxvruvnv1

      j_username=XXXXXXXXX&j_password=XXXXXXXX&Submit=Submit



      JBoss 3.2.0
      ===============

      Browser --> JBoss

      GET /pds/ui HTTP/1.1
      Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*
      Accept-Language: en-us
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: localhost:8080
      Connection: Keep-Alive


      Browser <-- JBoss

      HTTP/1.1 302 Moved Temporarily
      Date: Wed, 19 Nov 2003 14:23:26 GMT
      Server: Jetty/4.2.9 (Windows XP/5.1 x86 java/1.4.2_02)
      Location: http://localhost:8080/pds/ui/
      Transfer-Encoding: chunked

      0


      Browser --> JBoss

      GET /pds/ui/ HTTP/1.1
      Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*
      Accept-Language: en-us
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: localhost:8080
      Connection: Keep-Alive


      Web.xml
      ============

      <?xml version="1.0" encoding="ISO-8859-1"?>

      <!DOCTYPE web-app
      PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
      "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">

      <web-app>

      <!-- added for jikes support in tomcat -->
      <!--
      <servlet-name>
      jsp
      </servlet-name>
      <servlet-class>
      org.apache.jasper.servlet.JspServlet
      </servlet-class>
      <init-param>
      <param-name>jspCompilerPlugin</param-name>
      <param-value>org.apache.jasper.compiler.JikesJavaCompiler</param-value>
      </init-param>
      <load-on-startup>
      -2147483646
      </load-on-startup>
      -->


      <!-- added for jikes support in tomcat -->
      <!-- <servlet-mapping>
      <servlet-name>
      jsp
      </servlet-name>
      <url-pattern>
      *.jsp
      </url-pattern>
      </servlet-mapping> -->


      <!-- ### Added JSP Support for JSP Tags -->

      <taglib-uri>pgstags</taglib-uri>
      <taglib-location>/WEB-INF/lib/pgstags.jar</taglib-location>


      <!-- ### Added support for Apache's xtags -->

      <taglib-uri>xtags</taglib-uri>
      <taglib-location>/WEB-INF/lib/taglibs-xtags.tld</taglib-location>


      <!-- ### Security NOTE As Per DTD there should only be one of these for each ROLE -->
      <security-constraint>
      <!-- ### Specify the WEB Method names that we are securing here -->
      <web-resource-collection>
      <web-resource-name>Restricted</web-resource-name>
      Secure Servlets
      <url-pattern>/ui/administration/*</url-pattern>
      <url-pattern>/ui/application/*</url-pattern>
      <url-pattern>/ui/buttons/*</url-pattern>
      <url-pattern>/ui/command/*</url-pattern>
      <url-pattern>/ui/device/*</url-pattern>
      <url-pattern>/ui/devicetype/*</url-pattern>
      <url-pattern>/ui/error/*</url-pattern>
      <url-pattern>/ui/iconbar/*</url-pattern>
      <url-pattern>/ui/install/*</url-pattern>
      <url-pattern>/ui/logging/*</url-pattern>
      <url-pattern>/ui/navigation/*</url-pattern>
      <url-pattern>/ui/png/*</url-pattern>
      <url-pattern>/ui/popup/*</url-pattern>
      <url-pattern>/ui/patch/*</url-pattern>
      <url-pattern>/ui/status/*</url-pattern>
      <url-pattern>/ui/user/*</url-pattern>
      <url-pattern>/ui/xml/*</url-pattern>

      <!--<url-pattern>@secure-alias@/*</url-pattern>-->
      <http-method>HEAD</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
      </web-resource-collection>

      <!-- ### Define SUPER Role as per ejb-jar descriptors
      Note cannot defile multiple roles here -->
      <auth-constraint>
      <role-name>SUPER</role-name>
      <role-name>ADMIN</role-name>
      </auth-constraint>

      <!-- <user-data-constraint>

      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>-->
      </security-constraint>


      <!-- ### Security NOTE As Per DTD there should only be one of these for each ROLE -->
      <security-constraint>
      <!-- ### Specify the WEB Method names that we are securing here -->
      <web-resource-collection>
      <web-resource-name>Restricted</web-resource-name>
      Secure Servlets
      <url-pattern>/ui/sipxchange/*</url-pattern>
      <url-pattern>/ui/initialize/*</url-pattern>
      <url-pattern>/ui/profile/*</url-pattern>
      <url-pattern>/ui/popup/*</url-pattern>
      <url-pattern>/ui/script/*</url-pattern>
      <url-pattern>/ui/help/*</url-pattern>
      <url-pattern>/ui/xml/update_configuration_set.jsp</url-pattern>

      <url-pattern>/ui/index.jsp</url-pattern>
      <url-pattern>/ui/welcome.jsp</url-pattern>
      <url-pattern>/ui/frameset.html</url-pattern>

      <!--<url-pattern>@secure-alias@/*</url-pattern>-->
      <http-method>HEAD</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
      </web-resource-collection>

      <!-- ### Define SUPER Role as per ejb-jar descriptors
      Note cannot defile multiple roles here -->
      <auth-constraint>
      <role-name>SUPER</role-name>
      <role-name>ADMIN</role-name>
      <role-name>END_USER</role-name>
      </auth-constraint>

      <!--<user-data-constraint>

      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>-->
      </security-constraint>

      <!-- ### Security for Commserver UI pages -->
      <security-constraint>
      <!-- ### Specify the WEB Method names that we are securing here -->
      <web-resource-collection>
      <web-resource-name>CommserverUI</web-resource-name>
      Secure CommserverUI
      <url-pattern>/commserver/*</url-pattern>

      <!--<url-pattern>@secure-alias@/*</url-pattern>-->
      <http-method>HEAD</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
      </web-resource-collection>

      <!-- ### Define SUPER Role as per ejb-jar descriptors
      Note cannot defile multiple roles here -->
      <auth-constraint>
      <role-name>SUPER</role-name>
      <role-name>ADMIN</role-name>
      </auth-constraint>

      <!-- <user-data-constraint>

      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>-->
      </security-constraint>



      <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
      <form-login-page>/login/login.html</form-login-page>
      <form-error-page>/login/error.html</form-error-page>
      </form-login-config>
      </login-config>

      <security-role>
      Role Requirements to call Servlets
      <role-name>SUPER</role-name>
      </security-role>


      </web-app>