Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-18378

[GSS](7.2.z) UNDERTOW-1637 - Http-404 is returned when accessing protected application context resource without a trailing slash

    XMLWordPrintable

Details

    • ?
    • Workaround Exists
    • Hide

      Possible workarounds:

      • use JBoss CLI with Undertow rewrite filter or expression-filter, aka:
      /subsystem=undertow/configuration=filter/rewrite=test-rewrite-slash:add(redirect="true",target="%U/")
/subsystem=undertow/server=default-server/host=default-host/filter-ref=test-rewrite-slash:add(predicate="equals(%R,/context)")

      or 

      /subsystem=undertow/configuration=filter/expression-filter=app-slash:add(expression="redirect('%U/')")
/subsystem=undertow/server=default-server/host=default-host/filter-ref=app-slash:add(predicate="method(GET) and regex(pattern=/context, value=%U, full-match=true)")
      • modify the login.jsp file to send the POST always inside the context path:
        <form method="post" action="/context/j_security_check" enctype="application/x-www-form-urlencoded">
    Username <input type="text" name="j_username" /><br />
    Password <input type="password" name="j_password" />
    <input type="submit" name="submit" value="Login" />
  </form>
      Show
      Possible workarounds: use JBoss CLI with Undertow rewrite filter or expression-filter, aka: /subsystem=undertow/configuration=filter/rewrite=test-rewrite-slash:add(redirect= " true " ,target= "%U/" ) /subsystem=undertow/server= default -server/host= default -host/filter-ref=test-rewrite-slash:add(predicate= "equals(%R,/context)" ) or /subsystem=undertow/configuration=filter/expression-filter=app-slash:add(expression= "redirect( '%U/' )" ) /subsystem=undertow/server= default -server/host= default -host/filter-ref=app-slash:add(predicate= "method(GET) and regex(pattern=/context, value=%U, full-match= true )" ) modify the login.jsp file to send the POST always inside the context path: <form method= "post" action= "/context/j_security_check" enctype= "application/x-www-form-urlencoded" > Username <input type= "text" name= "j_username" /><br /> Password <input type= "password" name= "j_password" /> <input type= "submit" name= "submit" value= "Login" /> </form>
    • Hide
      • Use EAP 7.2.5 or later (but issue should be also reproducible on 7.2.4)
      • Have a simple servlet application secured with a "FORM" login auth-method
      • Access the application root context path without a trailing slash (e.g. "https://localhost:8443/context" )
      Show
      Use EAP 7.2.5 or later (but issue should be also reproducible on 7.2.4) Have a simple servlet application secured with a "FORM" login auth-method Access the application root context path without a trailing slash (e.g. "https://localhost:8443/context" )

    Description

      When accessing an application that uses a "FORM" based login auth-method, the app root context parg (e.g "/context") is not redirected anymore with a trailing slash (e.g to "/context/").
      This leads the "J_security_check" to be checked on the uri path "/j_security_check" instead of "/context/j_security_check" and hence causing an HTTP-404 Not Found error.

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-18488 [GSS](7.3.z) UNDERTOW-1637 - Http-404 is returned when accessing protected application context resource without a trailing slash

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified
          is duplicated by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-19072 [GSS](7.2.z) j_security_check fails without trailing slash redirect

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-18267 [GSS] (7.2.z) Upgrade Undertow from 2.0.28.SP1-redhat-00001 to 2.0.30.SP1-redhat-00001

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          links to

          Web Link KB Solution

          Activity

            People

              spyrkob Bartosz Spyrko-Smietanko
              rhn-support-igueye Issa Gueye
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: