Home » Eclipse Projects » Remote Application Platform (RAP) » Problem with RAP Browser component and SSL
| Problem with RAP Browser component and SSL [message #507215] |
Tue, 12 January 2010 09:24  |
Eclipse User |
|
|
|
We developed an Eclipse RAP (version 1.2.1) application and now we are
deploying the application to the target environment.
The components of the target environment are like this:
Browser ==HTTPS==> reverse proxy (stunnel(SSL terminate) + HAProxy)
==HTTP==> Tomcat (RAP application)
It means that the browser has SSL communication to the proxy and proxy
non-SSL (HTTP) communication to the Tomcat server.
The URL of the application is https://proxyserver:port/webapp/entrypoint
We have problem with RAP Browser component, which calls non-SSL
http://.. protocol from browser and the proxy refuses the request.
The usage of RAP Browser component is like this:
Browser browser = new Browser(parentComposite, SWT.NONE);
browser.setText("<html><body>text</body></html>");
On the client side there is an IFRAME generated:
<iframe ...
src=" http://proxyserver:port/webapp/org.eclipse.swt.browser/text1 043122107.html">
The HTTP protocol in the URL is the source of the problem (it should be
HTTPS).
When we try to connect client browser directly to the Tomcat server with
SSL everything is OK, the client uses HTTPS protocol in IFRAME.
I went through following bug reports:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=285815
http://bugzilla.qooxdoo.org/show_bug.cgi?id=2728
http://bugzilla.qooxdoo.org/show_bug.cgi?id=710
It looks like there is a solution of our problem but I cannot modify
current qx.js file in org.eclipse.rap.rwt.q07_1.2.0.20090813-1453.jar
because this file is compressed version of qooxdoo. I tried to replace
the qooxdoo class qx.io.Alias in qx-debug.js and run RAP in debug mode
(-Dorg.eclipse.rwt.clientLibraryVariant=DEBUG). But it doesn't work. The
first request ends with the error:
Could not evaluate javascript response:
Error in property boundToWidget of class org.eclipse.rwt.widgets.ToolTip
in method setBoundToWidget with incoming value 'null': Null value is not
allowed!
org.eclipse.swt.EventUtil.suspendEventHandling();var req =
org.eclipse.swt.Request.getInstance();req.setRequestCounter( "0"
);qx.theme.manager.Meta.getInstance().setTheme(
org.eclipse.swt.theme.Custom_1
);org.eclipse.swt.Request.getInstance().setTimeoutPage( "The server
session timed out.Please click here to restart the session." );var wm =
org.eclipse.swt.WidgetManager.getInstance();var w = wm.newWidget( ....
....even when I use original unmodified qx-debug.js file from RAP 1.2.1.
Then I tried to download the latest sources of RAP 1.2.1 from CVS where
(I think) the problem could be solved. In CVS there is really version
1.23 of qx.js file for branch v12_maintenance and there is also version
1.23.2.3 which probably contains the fix. I don't know how to get all
RAP sources from CVS corresponding to the fixed version 1.23.2.3 of
qx.js. I cannot find any corresponding tag or branch.
Can someone help us to solve the problem?
Thanks
|
|
| |
| Re: Problem with RAP Browser component and SSL [message #507436 is a reply to message #507285] |
Wed, 13 January 2010 04:06  |
| Eclipse User |
|
|
|
When I monitor the communication (in Fiddler2) I can see this code in
the response:
....
var w = wm.newWidget( "w829", "w827", true, null,
"org.eclipse.swt.browser.Browser" );
w.setSpace( 63, 279, 10, 112 );
w.setZIndex( 299 );
w.setTabIndex( 3 );
w.setBackgroundColor( null );
w.setSource(
" http://proxyserver:port/webapp/org.eclipse.swt.browser/text- 699174304.html"
);
....
So the server generates absolute URL in attribute "source". The problem
is that client (browser) uses HTTPS for communication with the proxy,
but the proxy uses non-secure HTTP with Tomcat. It seems that RAP uses
ContextProvider.getRequest().getScheme() for building the URL. Therefore
there is HTTP protocol in the generated URL that is sent to the client
and this URL cannot be handled by the proxy because the client can only
use HTTPS with the proxy.
It is interesting that this problem is only in FireFox (using version
3.5.7) but not in Internet Explorer (tested versions 7 and 8). I tried
to monitor IE by means of Fiddler2 but in this case the problem was the
same as in FF.
I went through the sources of BrowserLCA and here is the execution path
(marked with "===>"):
------------------------------------------------------------ --
class BrowserLCA
------------------------------------------------------------ --
public void renderChanges( final Widget widget ) throws IOException {
Browser browser = ( Browser )widget;
ControlLCAUtil.writeChanges( browser );
===> writeUrl( browser );
writeExecute( browser );
WidgetLCAUtil.writeCustomVariant( browser );
}
private static void writeUrl( final Browser browser )
throws IOException
{
if( hasUrlChanged( browser ) ) {
JSWriter writer = JSWriter.getWriterFor( browser );
writer.set( QX_FIELD_SOURCE, ===> getUrl( browser ) );
}
}
static String getUrl( final Browser browser ) throws IOException {
String text = getText( browser );
String url = browser.getUrl();
String result;
if( text != null && !"".equals( text.trim() ) ) {
===> result = registerHtml( text );
} else if( url != null && !"".equals( url.trim() ) ) {
result = url;
} else {
result = registerHtml( BLANK_HTML );
}
return result;
}
private static String registerHtml( final String html ) throws
IOException {
String name = createUrlFromHtml( html );
byte[] bytes = html.getBytes( "UTF-8" );
InputStream inputStream = new ByteArrayInputStream( bytes );
ResourceManager.getInstance().register( name, inputStream );
return ===> ResourceManager.getInstance().getLocation( name );
}
------------------------------------------------------------ --
class RsourceManagerImpl
------------------------------------------------------------ --
public String getLocation( final String name ) {
ParamCheck.notNull( name, "name" );
String key = createKey( name );
String fileName = ( String )repository.get( key );
Assert.isNotNull( fileName, "No resource registered for key " + name );
return ===> createRequestURL( fileName, findVersion( name ) );
}
private static String createRequestURL( final String fileName,
final Integer version )
{
String result;
String newFileName = fileName.replace( '\\', '/' );
if( isDeliveryMode( DELIVER_FROM_DISK ) ) {
StringBuffer url = new StringBuffer();
url.append( ===> URLHelper.getContextURLString() );
url.append( "/" );
String escapedFilename = escapeFilename( newFileName );
url.append( versionedResourceName( escapedFilename, version ) );
result = url.toString();
} else {
StringBuffer url = new StringBuffer();
url.append( URLHelper.getURLString( false ) );
URLHelper.appendFirstParam( url, RequestParams.RESOURCE,
newFileName );
if( version != null ) {
URLHelper.appendParam( url,
RequestParams.RESOURCE_VERSION,
String.valueOf( version.intValue() ) );
}
result = ContextProvider.getResponse().encodeURL( url.toString() );
}
return result;
}
------------------------------------------------------------ --
class UrlHelper
------------------------------------------------------------ --
public static String getContextURLString() {
HttpServletRequest request = ContextProvider.getRequest();
StringBuffer result = new StringBuffer();
result.append( ===> getServerURL() );
result.append( request.getContextPath() );
return result.toString();
}
private static String getServerURL() {
HttpServletRequest request = ContextProvider.getRequest();
String port = URLHelper.createPortPattern( request );
StringBuffer result = new StringBuffer();
String serverName = request.getServerName();
result.append( ===> request.getScheme() ); // <<***
result.append( "://" );
result.append( serverName );
result.append( port );
return result.toString();
}
The line marked with "<<***" is probably the root of the problem, here
is set HTTP instead of HTTPS. Maybe it's problem of Tomcat or problem of
FireFox (not setting some header?).
Does someone have a suggestion how to solve this situation?
I appreciate any idea. Thanks.
> Hi Michael,
>
> I wonder why the Browser widget renders a "http" instead of "https" as
> url. As far as I can see it from the RAP-code (BrowserLCA), only
> relative urls are used. Have you examined this more deeply?
>
> We use the browser widget together with https and didn't run into this
> problem.
>
> The bugs you refer to are about images paths and https - I think this is
> a different problem isn't it?
>
> Regards,
> Stefan.
|
|
|
| Re: Problem with RAP Browser component and SSL [message #507454 is a reply to message #507436] |
Wed, 13 January 2010 09:27 |
| Eclipse User |
|
|
|
Hi Michal,
I've just checked the browser.setText() method with CVS HEAD ( FF 3.5.7
) and it generate the relative path for javascript setSource function.
Can you confirm that the problem does not exist with CVS HEAD?
Best,
Ivan
On 1/13/2010 3:58 PM, Michal NkD Nikodím wrote:
> When I monitor the communication (in Fiddler2) I can see this code in
> the response:
>
> ...
> var w = wm.newWidget( "w829", "w827", true, null,
> "org.eclipse.swt.browser.Browser" );
> w.setSpace( 63, 279, 10, 112 );
> w.setZIndex( 299 );
> w.setTabIndex( 3 );
> w.setBackgroundColor( null );
> w.setSource(
> " http://proxyserver:port/webapp/org.eclipse.swt.browser/text- 699174304.html"
> );
> ...
>
> So the server generates absolute URL in attribute "source". The
> problem is that client (browser) uses HTTPS for communication with the
> proxy, but the proxy uses non-secure HTTP with Tomcat. It seems that
> RAP uses ContextProvider.getRequest().getScheme() for building the
> URL. Therefore there is HTTP protocol in the generated URL that is
> sent to the client and this URL cannot be handled by the proxy because
> the client can only use HTTPS with the proxy.
>
> It is interesting that this problem is only in FireFox (using version
> 3.5.7) but not in Internet Explorer (tested versions 7 and 8). I tried
> to monitor IE by means of Fiddler2 but in this case the problem was
> the same as in FF.
>
> I went through the sources of BrowserLCA and here is the execution
> path (marked with "===>"):
>
> ------------------------------------------------------------ --
> class BrowserLCA
> ------------------------------------------------------------ --
> public void renderChanges( final Widget widget ) throws IOException {
> Browser browser = ( Browser )widget;
> ControlLCAUtil.writeChanges( browser );
> ===> writeUrl( browser );
> writeExecute( browser );
> WidgetLCAUtil.writeCustomVariant( browser );
> }
>
> private static void writeUrl( final Browser browser )
> throws IOException
> {
> if( hasUrlChanged( browser ) ) {
> JSWriter writer = JSWriter.getWriterFor( browser );
> writer.set( QX_FIELD_SOURCE, ===> getUrl( browser ) );
> }
> }
>
> static String getUrl( final Browser browser ) throws IOException {
> String text = getText( browser );
> String url = browser.getUrl();
> String result;
> if( text != null && !"".equals( text.trim() ) ) {
> ===> result = registerHtml( text );
> } else if( url != null && !"".equals( url.trim() ) ) {
> result = url;
> } else {
> result = registerHtml( BLANK_HTML );
> }
> return result;
> }
>
> private static String registerHtml( final String html ) throws
> IOException {
> String name = createUrlFromHtml( html );
> byte[] bytes = html.getBytes( "UTF-8" );
> InputStream inputStream = new ByteArrayInputStream( bytes );
> ResourceManager.getInstance().register( name, inputStream );
> return ===> ResourceManager.getInstance().getLocation( name );
> }
>
> ------------------------------------------------------------ --
> class RsourceManagerImpl
> ------------------------------------------------------------ --
> public String getLocation( final String name ) {
> ParamCheck.notNull( name, "name" );
> String key = createKey( name );
> String fileName = ( String )repository.get( key );
> Assert.isNotNull( fileName, "No resource registered for key " +
> name );
> return ===> createRequestURL( fileName, findVersion( name ) );
> }
>
> private static String createRequestURL( final String fileName,
> final Integer version )
> {
> String result;
> String newFileName = fileName.replace( '\\', '/' );
> if( isDeliveryMode( DELIVER_FROM_DISK ) ) {
> StringBuffer url = new StringBuffer();
> url.append( ===> URLHelper.getContextURLString() );
> url.append( "/" );
> String escapedFilename = escapeFilename( newFileName );
> url.append( versionedResourceName( escapedFilename, version ) );
> result = url.toString();
> } else {
> StringBuffer url = new StringBuffer();
> url.append( URLHelper.getURLString( false ) );
> URLHelper.appendFirstParam( url, RequestParams.RESOURCE,
> newFileName );
> if( version != null ) {
> URLHelper.appendParam( url,
> RequestParams.RESOURCE_VERSION,
> String.valueOf( version.intValue() ) );
> }
> result = ContextProvider.getResponse().encodeURL( url.toString() );
> }
> return result;
> }
> ------------------------------------------------------------ --
> class UrlHelper
> ------------------------------------------------------------ --
> public static String getContextURLString() {
> HttpServletRequest request = ContextProvider.getRequest();
> StringBuffer result = new StringBuffer();
> result.append( ===> getServerURL() );
> result.append( request.getContextPath() );
> return result.toString();
> }
>
> private static String getServerURL() {
> HttpServletRequest request = ContextProvider.getRequest();
> String port = URLHelper.createPortPattern( request );
> StringBuffer result = new StringBuffer();
> String serverName = request.getServerName();
> result.append( ===> request.getScheme() ); // <<***
> result.append( "://" );
> result.append( serverName );
> result.append( port );
> return result.toString();
> }
>
> The line marked with "<<***" is probably the root of the problem, here
> is set HTTP instead of HTTPS. Maybe it's problem of Tomcat or problem
> of FireFox (not setting some header?).
>
> Does someone have a suggestion how to solve this situation?
> I appreciate any idea. Thanks.
>
>
>
>> Hi Michael,
>>
>> I wonder why the Browser widget renders a "http" instead of "https" as
>> url. As far as I can see it from the RAP-code (BrowserLCA), only
>> relative urls are used. Have you examined this more deeply?
>>
>> We use the browser widget together with https and didn't run into this
>> problem.
>>
>> The bugs you refer to are about images paths and https - I think this is
>> a different problem isn't it?
>>
>> Regards,
>> Stefan.
|
|
|
| Re: Problem with RAP Browser component and SSL [message #509439 is a reply to message #507454] |
Fri, 22 January 2010 03:02 |
| Eclipse User |
|
|
|
We solved the problem by setting the scheme attribute for Tomcat
connector to "https" (in server.xml):
<Connector port="8080" protocol="HTTP/1.1"
....
scheme="https" />
Then the function HttpServletRequest.getScheme() returns "https" and the
URL generated for client is OK.
Dne 13.1.2010 15:27, Ivan Furnadjiev napsal(a):
> Hi Michal,
>
> I've just checked the browser.setText() method with CVS HEAD ( FF 3.5.7
> ) and it generate the relative path for javascript setSource function.
> Can you confirm that the problem does not exist with CVS HEAD?
>
> Best,
> Ivan
|
|
|
Goto Forum:
Current Time: Tue Jul 22 23:43:20 EDT 2025
Powered by FUDForum. Page generated in 0.04087 seconds |
Home