Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] 302 Redirect loop prevents user from reaching login success page

Hi list,

In my situation the issue arose because of cookies and the fact that for our testing env's fully qualified domain name includes a ".cluster". To expedite issues I have /etc/resolve.conf file that allows the browser to include searches in the cluster when resolving domain names, but - and we don't know why, exactly - cookies don't benefit from that config file, but require the exact domain name to match. 

I'm posting to this list in case someone else has this issue some day and starts wondering if it's Jetty. It's not.

Barclay



From: Dunn, Barclay
Sent: Monday, September 22, 2014 4:50 PM
To: JETTY user mailing list
Subject: Re: [jetty-users] 302 Redirect loop prevents user from reaching login success page

Oops! Below I wrote ContextServer but I meant ContextHandler. Just confirming it's not ContextHandler doing this:

            // context request must end with /
            baseRequest.setHandled(true);
            if (baseRequest.getQueryString() != null)
                response.sendRedirect(URIUtil.addPaths(baseRequest.getRequestURI(),URIUtil.SLASH) + "?" + baseRequest.getQueryString());
            else
                response.sendRedirect(URIUtil.addPaths(baseRequest.getRequestURI(),URIUtil.SLASH));
            return false;

(that is from jetty-server-9.2.2.v20140723, ContextHandler.checkContext(), lines 948-951)

A look at the URIUtil.addPaths() code suggests I would see a / after the .do, if this were happening, and I am not, but I would appreciate someone more familiar with the Jetty code to confirm.

Barclay


From: Joakim Erdfelt <joakim@xxxxxxxxxxx>
Reply-To: JETTY user mailing list <jetty-users@xxxxxxxxxxx>
Date: Monday, September 22, 2014 at 3:48 PM
To: JETTY user mailing list <jetty-users@xxxxxxxxxxx>
Subject: Re: [jetty-users] 302 Redirect loop prevents user from reaching login success page

Your pasted jetty configuration shows no jetty specific redirect implementation.

Perhaps its the library you are using in your webapp causing this redirect loop.
Based on the "action.do", I'd assume you have struts in use.

You should look into the struts library and its configuration to see how it does its redirect logic.


--
Joakim Erdfelt <joakim@xxxxxxxxxxx>
Expert advice, services and support from from the Jetty & CometD experts

On Mon, Sep 22, 2014 at 11:26 AM, Dunn, Barclay <Barclay.Dunn@xxxxxxxxxx> wrote:
Hi list,

I am having an issue with embedded Jetty that I can't resolve. I am getting a redirect after login, but only on the test server, not on my local box. It happens when the user logs in; the next page gets served with a 302 redirect header with the location of itself (over and over, so there is a redirect loop). 

However, when I am running the app *locally*, after the user logs in the next page gets served with a 200 header (no redirect). I've done some initial searching online to see if anyone's had this behavior with embedded jetty, but so far haven't found anything. The exact same code gives a 302 on va-mexp-devci-www101 that gives a 200 on my local. 

I read that ContextServer can give this type of behavior if there's no slash at the end of the URL, but it doesn't look like it would turn into a redirect loop. The URL that my user goes to after login is "http://servername:8080/admin/index.do?multisiteId=merchant&redirected=y&lastFormName=loginForm", and the URL that they are getting redirected to infinitely is the exact same URL, not added slash at the end. 

Here is my code:

    public static void main(String[] args) throws Exception {

        Server server = new Server();

        // PARSE JSON INPUT
        MEXPJsonProps mexpJsonProps = ConfigurationManager.parseJsonInput(args[1]);

        // CREATE CONNECTORS
        Map<String, Object> httpProps = mexpJsonProps.getHttp();
        HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.setSecureScheme("https");
        httpConfiguration.setSecurePort(8443);
        int outputBufferSize = httpProps.get("outputBufferSize") instanceof Double
                ? Double.class.cast(httpProps.get("outputBufferSize")).intValue()
                : (Integer) httpProps.get("outputBufferSize");
        httpConfiguration.setOutputBufferSize(outputBufferSize);

// port = 8080
        ServerConnector http = new ServerConnector(server,new HttpConnectionFactory(httpConfiguration));
        int port = httpProps.get("port") instanceof Double
                ? Double.class.cast(httpProps.get("port")).intValue()
                : (Integer) httpProps.get("port");
        http.setPort(port);
        int idleTimeout = httpProps.get("idleTimeout") instanceof Double
                ? Double.class.cast(httpProps.get("idleTimeout")).intValue()
                : (Integer) httpProps.get("idleTimeout");
        http.setIdleTimeout(idleTimeout);

// adminPort = 8081
        ServerConnector httpAdmin = new ServerConnector(server,new HttpConnectionFactory(httpConfiguration));
        int adminPort = httpProps.get("adminPort") instanceof Double
                ? Double.class.cast(httpProps.get("adminPort")).intValue()
                : (Integer) httpProps.get("adminPort");
        httpAdmin.setPort(adminPort);
        httpAdmin.setIdleTimeout(idleTimeout);

        // set the connectors
        server.setConnectors(new Connector[] { http, httpAdmin });

        Map<String, String> localConfiguration = mexpJsonProps.getLocalConfiguration();

        // CREATE CONTEXT
        WebAppContext context = new WebAppContext();
        context.setContextPath("/");

        ProtectionDomain domain = JettyWebApp.class.getProtectionDomain();
        URL location = domain.getCodeSource().getLocation();
        context.setWar(location.toExternalForm());

        context.setDescriptor(location.toExternalForm() + "/WEB-INF/web.xml");

        // SET UP JSP CONFIGS
        File scratchDir = new File(localConfiguration.get("resourceRoot"));
        context.setTempDirectory(scratchDir);
        context.setPersistTempDirectory(true);
        // Set JSP to use Standard JavaC always
        System.setProperty("org.apache.jasper.compiler.disablejsr199", "false");

        // Set the handler
        server.setHandler(context);

        server.start();
        server.join();
    }

Thanks for your thoughts. 

Barclay


_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users


Back to the top