Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Remote Application Platform (RAP) » Problem with RAP Browser component and SSL
Problem with RAP Browser component and SSL [message #507215] Tue, 12 January 2010 14:24 Go to next message
NkD Missing name is currently offline NkD Missing nameFriend
Messages: 61
Registered: July 2009
Member
We developed an Eclipse RAP (version 1.2.1) application and now we are
deploying the application to the target environment.

The components of the target environment are like this:

Browser ==HTTPS==> reverse proxy (stunnel(SSL terminate) + HAProxy)
==HTTP==> Tomcat (RAP application)

It means that the browser has SSL communication to the proxy and proxy
non-SSL (HTTP) communication to the Tomcat server.

The URL of the application is https://proxyserver:port/webapp/entrypoint

We have problem with RAP Browser component, which calls non-SSL
http://.. protocol from browser and the proxy refuses the request.

The usage of RAP Browser component is like this:
Browser browser = new Browser(parentComposite, SWT.NONE);
browser.setText("<html><body>text</body></html>");

On the client side there is an IFRAME generated:
<iframe ...
src=" http://proxyserver:port/webapp/org.eclipse.swt.browser/text1 043122107.html">

The HTTP protocol in the URL is the source of the problem (it should be
HTTPS).

When we try to connect client browser directly to the Tomcat server with
SSL everything is OK, the client uses HTTPS protocol in IFRAME.

I went through following bug reports:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=285815
http://bugzilla.qooxdoo.org/show_bug.cgi?id=2728
http://bugzilla.qooxdoo.org/show_bug.cgi?id=710

It looks like there is a solution of our problem but I cannot modify
current qx.js file in org.eclipse.rap.rwt.q07_1.2.0.20090813-1453.jar
because this file is compressed version of qooxdoo. I tried to replace
the qooxdoo class qx.io.Alias in qx-debug.js and run RAP in debug mode
(-Dorg.eclipse.rwt.clientLibraryVariant=DEBUG). But it doesn't work. The
first request ends with the error:

Could not evaluate javascript response:
Error in property boundToWidget of class org.eclipse.rwt.widgets.ToolTip
in method setBoundToWidget with incoming value 'null': Null value is not
allowed!
org.eclipse.swt.EventUtil.suspendEventHandling();var req =
org.eclipse.swt.Request.getInstance();req.setRequestCounter( "0"
);qx.theme.manager.Meta.getInstance().setTheme(
org.eclipse.swt.theme.Custom_1
);org.eclipse.swt.Request.getInstance().setTimeoutPage( "The server
session timed out.Please click here to restart the session." );var wm =
org.eclipse.swt.WidgetManager.getInstance();var w = wm.newWidget( ....

....even when I use original unmodified qx-debug.js file from RAP 1.2.1.

Then I tried to download the latest sources of RAP 1.2.1 from CVS where
(I think) the problem could be solved. In CVS there is really version
1.23 of qx.js file for branch v12_maintenance and there is also version
1.23.2.3 which probably contains the fix. I don't know how to get all
RAP sources from CVS corresponding to the fixed version 1.23.2.3 of
qx.js. I cannot find any corresponding tag or branch.

Can someone help us to solve the problem?

Thanks
Re: Problem with RAP Browser component and SSL [message #507285 is a reply to message #507215] Tue, 12 January 2010 13:18 Go to previous messageGo to next message
Stefan   is currently offline Stefan Friend
Messages: 316
Registered: July 2009
Senior Member
Hi Michael,

I wonder why the Browser widget renders a "http" instead of "https" as
url. As far as I can see it from the RAP-code (BrowserLCA), only
relative urls are used. Have you examined this more deeply?

We use the browser widget together with https and didn't run into this
problem.

The bugs you refer to are about images paths and https - I think this is
a different problem isn't it?

Regards,
Stefan.


Michal NkD Nikodím schrieb:
> We developed an Eclipse RAP (version 1.2.1) application and now we are
> deploying the application to the target environment.
>
> The components of the target environment are like this:
>
> Browser ==HTTPS==> reverse proxy (stunnel(SSL terminate) + HAProxy)
> ==HTTP==> Tomcat (RAP application)
>
> It means that the browser has SSL communication to the proxy and proxy
> non-SSL (HTTP) communication to the Tomcat server.
>
> The URL of the application is https://proxyserver:port/webapp/entrypoint
>
> We have problem with RAP Browser component, which calls non-SSL
> http://.. protocol from browser and the proxy refuses the request.
>
> The usage of RAP Browser component is like this:
> Browser browser = new Browser(parentComposite, SWT.NONE);
> browser.setText("<html><body>text</body></html>");
>
> On the client side there is an IFRAME generated:
> <iframe ...
> src=" http://proxyserver:port/webapp/org.eclipse.swt.browser/text1 043122107.html">
>
>
> The HTTP protocol in the URL is the source of the problem (it should be
> HTTPS).
>
> When we try to connect client browser directly to the Tomcat server with
> SSL everything is OK, the client uses HTTPS protocol in IFRAME.
>
> I went through following bug reports:
> https://bugs.eclipse.org/bugs/show_bug.cgi?id=285815
> http://bugzilla.qooxdoo.org/show_bug.cgi?id=2728
> http://bugzilla.qooxdoo.org/show_bug.cgi?id=710
>
> It looks like there is a solution of our problem but I cannot modify
> current qx.js file in org.eclipse.rap.rwt.q07_1.2.0.20090813-1453.jar
> because this file is compressed version of qooxdoo. I tried to replace
> the qooxdoo class qx.io.Alias in qx-debug.js and run RAP in debug mode
> (-Dorg.eclipse.rwt.clientLibraryVariant=DEBUG). But it doesn't work. The
> first request ends with the error:
>
> Could not evaluate javascript response:
> Error in property boundToWidget of class org.eclipse.rwt.widgets.ToolTip
> in method setBoundToWidget with incoming value 'null': Null value is not
> allowed!
> org.eclipse.swt.EventUtil.suspendEventHandling();var req =
> org.eclipse.swt.Request.getInstance();req.setRequestCounter( "0"
> );qx.theme.manager.Meta.getInstance().setTheme(
> org.eclipse.swt.theme.Custom_1
> );org.eclipse.swt.Request.getInstance().setTimeoutPage( "The server
> session timed out.Please click here to restart the session." );var wm =
> org.eclipse.swt.WidgetManager.getInstance();var w = wm.newWidget( ....
>
> ...even when I use original unmodified qx-debug.js file from RAP 1.2.1.
>
> Then I tried to download the latest sources of RAP 1.2.1 from CVS where
> (I think) the problem could be solved. In CVS there is really version
> 1.23 of qx.js file for branch v12_maintenance and there is also version
> 1.23.2.3 which probably contains the fix. I don't know how to get all
> RAP sources from CVS corresponding to the fixed version 1.23.2.3 of
> qx.js. I cannot find any corresponding tag or branch.
>
> Can someone help us to solve the problem?
>
> Thanks
>
Re: Problem with RAP Browser component and SSL [message #507436 is a reply to message #507285] Wed, 13 January 2010 09:06 Go to previous messageGo to next message
NkD Missing name is currently offline NkD Missing nameFriend
Messages: 61
Registered: July 2009
Member
When I monitor the communication (in Fiddler2) I can see this code in
the response:

....
var w = wm.newWidget( "w829", "w827", true, null,
"org.eclipse.swt.browser.Browser" );
w.setSpace( 63, 279, 10, 112 );
w.setZIndex( 299 );
w.setTabIndex( 3 );
w.setBackgroundColor( null );
w.setSource(
" http://proxyserver:port/webapp/org.eclipse.swt.browser/text- 699174304.html"
);
....

So the server generates absolute URL in attribute "source". The problem
is that client (browser) uses HTTPS for communication with the proxy,
but the proxy uses non-secure HTTP with Tomcat. It seems that RAP uses
ContextProvider.getRequest().getScheme() for building the URL. Therefore
there is HTTP protocol in the generated URL that is sent to the client
and this URL cannot be handled by the proxy because the client can only
use HTTPS with the proxy.

It is interesting that this problem is only in FireFox (using version
3.5.7) but not in Internet Explorer (tested versions 7 and 8). I tried
to monitor IE by means of Fiddler2 but in this case the problem was the
same as in FF.

I went through the sources of BrowserLCA and here is the execution path
(marked with "===>"):

------------------------------------------------------------ --
class BrowserLCA
------------------------------------------------------------ --
public void renderChanges( final Widget widget ) throws IOException {
Browser browser = ( Browser )widget;
ControlLCAUtil.writeChanges( browser );
===> writeUrl( browser );
writeExecute( browser );
WidgetLCAUtil.writeCustomVariant( browser );
}

private static void writeUrl( final Browser browser )
throws IOException
{
if( hasUrlChanged( browser ) ) {
JSWriter writer = JSWriter.getWriterFor( browser );
writer.set( QX_FIELD_SOURCE, ===> getUrl( browser ) );
}
}

static String getUrl( final Browser browser ) throws IOException {
String text = getText( browser );
String url = browser.getUrl();
String result;
if( text != null && !"".equals( text.trim() ) ) {
===> result = registerHtml( text );
} else if( url != null && !"".equals( url.trim() ) ) {
result = url;
} else {
result = registerHtml( BLANK_HTML );
}
return result;
}

private static String registerHtml( final String html ) throws
IOException {
String name = createUrlFromHtml( html );
byte[] bytes = html.getBytes( "UTF-8" );
InputStream inputStream = new ByteArrayInputStream( bytes );
ResourceManager.getInstance().register( name, inputStream );
return ===> ResourceManager.getInstance().getLocation( name );
}

------------------------------------------------------------ --
class RsourceManagerImpl
------------------------------------------------------------ --
public String getLocation( final String name ) {
ParamCheck.notNull( name, "name" );
String key = createKey( name );
String fileName = ( String )repository.get( key );
Assert.isNotNull( fileName, "No resource registered for key " + name );
return ===> createRequestURL( fileName, findVersion( name ) );
}

private static String createRequestURL( final String fileName,
final Integer version )
{
String result;
String newFileName = fileName.replace( '\\', '/' );
if( isDeliveryMode( DELIVER_FROM_DISK ) ) {
StringBuffer url = new StringBuffer();
url.append( ===> URLHelper.getContextURLString() );
url.append( "/" );
String escapedFilename = escapeFilename( newFileName );
url.append( versionedResourceName( escapedFilename, version ) );
result = url.toString();
} else {
StringBuffer url = new StringBuffer();
url.append( URLHelper.getURLString( false ) );
URLHelper.appendFirstParam( url, RequestParams.RESOURCE,
newFileName );
if( version != null ) {
URLHelper.appendParam( url,
RequestParams.RESOURCE_VERSION,
String.valueOf( version.intValue() ) );
}
result = ContextProvider.getResponse().encodeURL( url.toString() );
}
return result;
}
------------------------------------------------------------ --
class UrlHelper
------------------------------------------------------------ --
public static String getContextURLString() {
HttpServletRequest request = ContextProvider.getRequest();
StringBuffer result = new StringBuffer();
result.append( ===> getServerURL() );
result.append( request.getContextPath() );
return result.toString();
}

private static String getServerURL() {
HttpServletRequest request = ContextProvider.getRequest();
String port = URLHelper.createPortPattern( request );
StringBuffer result = new StringBuffer();
String serverName = request.getServerName();
result.append( ===> request.getScheme() ); // <<***
result.append( "://" );
result.append( serverName );
result.append( port );
return result.toString();
}

The line marked with "<<***" is probably the root of the problem, here
is set HTTP instead of HTTPS. Maybe it's problem of Tomcat or problem of
FireFox (not setting some header?).

Does someone have a suggestion how to solve this situation?
I appreciate any idea. Thanks.



> Hi Michael,
>
> I wonder why the Browser widget renders a "http" instead of "https" as
> url. As far as I can see it from the RAP-code (BrowserLCA), only
> relative urls are used. Have you examined this more deeply?
>
> We use the browser widget together with https and didn't run into this
> problem.
>
> The bugs you refer to are about images paths and https - I think this is
> a different problem isn't it?
>
> Regards,
> Stefan.
Re: Problem with RAP Browser component and SSL [message #507454 is a reply to message #507436] Wed, 13 January 2010 14:27 Go to previous messageGo to next message
Ivan Furnadjiev is currently offline Ivan FurnadjievFriend
Messages: 2426
Registered: July 2009
Location: Sofia, Bulgaria
Senior Member
Hi Michal,

I've just checked the browser.setText() method with CVS HEAD ( FF 3.5.7
) and it generate the relative path for javascript setSource function.
Can you confirm that the problem does not exist with CVS HEAD?

Best,
Ivan

On 1/13/2010 3:58 PM, Michal NkD Nikodím wrote:
> When I monitor the communication (in Fiddler2) I can see this code in
> the response:
>
> ...
> var w = wm.newWidget( "w829", "w827", true, null,
> "org.eclipse.swt.browser.Browser" );
> w.setSpace( 63, 279, 10, 112 );
> w.setZIndex( 299 );
> w.setTabIndex( 3 );
> w.setBackgroundColor( null );
> w.setSource(
> " http://proxyserver:port/webapp/org.eclipse.swt.browser/text- 699174304.html"
> );
> ...
>
> So the server generates absolute URL in attribute "source". The
> problem is that client (browser) uses HTTPS for communication with the
> proxy, but the proxy uses non-secure HTTP with Tomcat. It seems that
> RAP uses ContextProvider.getRequest().getScheme() for building the
> URL. Therefore there is HTTP protocol in the generated URL that is
> sent to the client and this URL cannot be handled by the proxy because
> the client can only use HTTPS with the proxy.
>
> It is interesting that this problem is only in FireFox (using version
> 3.5.7) but not in Internet Explorer (tested versions 7 and 8). I tried
> to monitor IE by means of Fiddler2 but in this case the problem was
> the same as in FF.
>
> I went through the sources of BrowserLCA and here is the execution
> path (marked with "===>"):
>
> ------------------------------------------------------------ --
> class BrowserLCA
> ------------------------------------------------------------ --
> public void renderChanges( final Widget widget ) throws IOException {
> Browser browser = ( Browser )widget;
> ControlLCAUtil.writeChanges( browser );
> ===> writeUrl( browser );
> writeExecute( browser );
> WidgetLCAUtil.writeCustomVariant( browser );
> }
>
> private static void writeUrl( final Browser browser )
> throws IOException
> {
> if( hasUrlChanged( browser ) ) {
> JSWriter writer = JSWriter.getWriterFor( browser );
> writer.set( QX_FIELD_SOURCE, ===> getUrl( browser ) );
> }
> }
>
> static String getUrl( final Browser browser ) throws IOException {
> String text = getText( browser );
> String url = browser.getUrl();
> String result;
> if( text != null && !"".equals( text.trim() ) ) {
> ===> result = registerHtml( text );
> } else if( url != null && !"".equals( url.trim() ) ) {
> result = url;
> } else {
> result = registerHtml( BLANK_HTML );
> }
> return result;
> }
>
> private static String registerHtml( final String html ) throws
> IOException {
> String name = createUrlFromHtml( html );
> byte[] bytes = html.getBytes( "UTF-8" );
> InputStream inputStream = new ByteArrayInputStream( bytes );
> ResourceManager.getInstance().register( name, inputStream );
> return ===> ResourceManager.getInstance().getLocation( name );
> }
>
> ------------------------------------------------------------ --
> class RsourceManagerImpl
> ------------------------------------------------------------ --
> public String getLocation( final String name ) {
> ParamCheck.notNull( name, "name" );
> String key = createKey( name );
> String fileName = ( String )repository.get( key );
> Assert.isNotNull( fileName, "No resource registered for key " +
> name );
> return ===> createRequestURL( fileName, findVersion( name ) );
> }
>
> private static String createRequestURL( final String fileName,
> final Integer version )
> {
> String result;
> String newFileName = fileName.replace( '\\', '/' );
> if( isDeliveryMode( DELIVER_FROM_DISK ) ) {
> StringBuffer url = new StringBuffer();
> url.append( ===> URLHelper.getContextURLString() );
> url.append( "/" );
> String escapedFilename = escapeFilename( newFileName );
> url.append( versionedResourceName( escapedFilename, version ) );
> result = url.toString();
> } else {
> StringBuffer url = new StringBuffer();
> url.append( URLHelper.getURLString( false ) );
> URLHelper.appendFirstParam( url, RequestParams.RESOURCE,
> newFileName );
> if( version != null ) {
> URLHelper.appendParam( url,
> RequestParams.RESOURCE_VERSION,
> String.valueOf( version.intValue() ) );
> }
> result = ContextProvider.getResponse().encodeURL( url.toString() );
> }
> return result;
> }
> ------------------------------------------------------------ --
> class UrlHelper
> ------------------------------------------------------------ --
> public static String getContextURLString() {
> HttpServletRequest request = ContextProvider.getRequest();
> StringBuffer result = new StringBuffer();
> result.append( ===> getServerURL() );
> result.append( request.getContextPath() );
> return result.toString();
> }
>
> private static String getServerURL() {
> HttpServletRequest request = ContextProvider.getRequest();
> String port = URLHelper.createPortPattern( request );
> StringBuffer result = new StringBuffer();
> String serverName = request.getServerName();
> result.append( ===> request.getScheme() ); // <<***
> result.append( "://" );
> result.append( serverName );
> result.append( port );
> return result.toString();
> }
>
> The line marked with "<<***" is probably the root of the problem, here
> is set HTTP instead of HTTPS. Maybe it's problem of Tomcat or problem
> of FireFox (not setting some header?).
>
> Does someone have a suggestion how to solve this situation?
> I appreciate any idea. Thanks.
>
>
>
>> Hi Michael,
>>
>> I wonder why the Browser widget renders a "http" instead of "https" as
>> url. As far as I can see it from the RAP-code (BrowserLCA), only
>> relative urls are used. Have you examined this more deeply?
>>
>> We use the browser widget together with https and didn't run into this
>> problem.
>>
>> The bugs you refer to are about images paths and https - I think this is
>> a different problem isn't it?
>>
>> Regards,
>> Stefan.
Re: Problem with RAP Browser component and SSL [message #509439 is a reply to message #507454] Fri, 22 January 2010 08:02 Go to previous message
NkD Missing name is currently offline NkD Missing nameFriend
Messages: 61
Registered: July 2009
Member
We solved the problem by setting the scheme attribute for Tomcat
connector to "https" (in server.xml):

<Connector port="8080" protocol="HTTP/1.1"
....
scheme="https" />

Then the function HttpServletRequest.getScheme() returns "https" and the
URL generated for client is OK.



Dne 13.1.2010 15:27, Ivan Furnadjiev napsal(a):
> Hi Michal,
>
> I've just checked the browser.setText() method with CVS HEAD ( FF 3.5.7
> ) and it generate the relative path for javascript setSource function.
> Can you confirm that the problem does not exist with CVS HEAD?
>
> Best,
> Ivan
Previous Topic:D&D issue
Next Topic:SWT Tree: Multi-line label
Goto Forum:
  


Current Time: Tue Mar 19 08:37:04 GMT 2024

Powered by FUDForum. Page generated in 0.02184 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top