Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] 302 Redirect loop prevents user from reaching login success page

That chunk of code is for compensating for a very specific use case.

One where the request path matches the declared contextPath exactly, is not a root context, and you don't allow null pathInfo values.

Default value for allowNullPathInfo is false.
(Internal jetty handlers like MovedContextHandler actually set this to true)

Example 1:

  ContextHandler : contextPath = "/foo"
  Request           : path = "/foo"

Without that logic, this would result in a request.getPathInfo() of null.  Which is allowed per the servlet spec, but a shocking number of libraries choke on.
That logic redirects the incoming request to "/foo/", which forces the pathInfo to be "/"
Since allowNullPathInfo is internally defaulting to false, this redirect will always happen in this limited usecase for all servlet spec requests.

Example 2: 

  ContextHandler : contextPath = "/foo"
  Request           : path = "/foo/index.bar"

This request path is not the same as the declared contextPath so it would not redirect.
This is the use case for your initial question too.



--
Joakim Erdfelt <joakim@xxxxxxxxxxx>
Expert advice, services and support from from the Jetty & CometD experts

On Mon, Sep 22, 2014 at 1:50 PM, Dunn, Barclay <Barclay.Dunn@xxxxxxxxxx> wrote:
Oops! Below I wrote ContextServer but I meant ContextHandler. Just confirming it's not ContextHandler doing this:

            // context request must end with /
            baseRequest.setHandled(true);
            if (baseRequest.getQueryString() != null)
                response.sendRedirect(URIUtil.addPaths(baseRequest.getRequestURI(),URIUtil.SLASH) + "?" + baseRequest.getQueryString());
            else
                response.sendRedirect(URIUtil.addPaths(baseRequest.getRequestURI(),URIUtil.SLASH));
            return false;

(that is from jetty-server-9.2.2.v20140723, ContextHandler.checkContext(), lines 948-951)

A look at the URIUtil.addPaths() code suggests I would see a / after the .do, if this were happening, and I am not, but I would appreciate someone more familiar with the Jetty code to confirm.

Barclay


From: Joakim Erdfelt <joakim@xxxxxxxxxxx>
Reply-To: JETTY user mailing list <jetty-users@xxxxxxxxxxx>
Date: Monday, September 22, 2014 at 3:48 PM
To: JETTY user mailing list <jetty-users@xxxxxxxxxxx>
Subject: Re: [jetty-users] 302 Redirect loop prevents user from reaching login success page

Your pasted jetty configuration shows no jetty specific redirect implementation.

Perhaps its the library you are using in your webapp causing this redirect loop.
Based on the "action.do", I'd assume you have struts in use.

You should look into the struts library and its configuration to see how it does its redirect logic.


--
Joakim Erdfelt <joakim@xxxxxxxxxxx>
Expert advice, services and support from from the Jetty & CometD experts

On Mon, Sep 22, 2014 at 11:26 AM, Dunn, Barclay <Barclay.Dunn@xxxxxxxxxx> wrote:
Hi list,

I am having an issue with embedded Jetty that I can't resolve. I am getting a redirect after login, but only on the test server, not on my local box. It happens when the user logs in; the next page gets served with a 302 redirect header with the location of itself (over and over, so there is a redirect loop). 

However, when I am running the app *locally*, after the user logs in the next page gets served with a 200 header (no redirect). I've done some initial searching online to see if anyone's had this behavior with embedded jetty, but so far haven't found anything. The exact same code gives a 302 on va-mexp-devci-www101 that gives a 200 on my local. 

I read that ContextServer can give this type of behavior if there's no slash at the end of the URL, but it doesn't look like it would turn into a redirect loop. The URL that my user goes to after login is "http://servername:8080/admin/index.do?multisiteId=merchant&redirected=y&lastFormName=loginForm", and the URL that they are getting redirected to infinitely is the exact same URL, not added slash at the end. 

Here is my code:

    public static void main(String[] args) throws Exception {

        Server server = new Server();

        // PARSE JSON INPUT
        MEXPJsonProps mexpJsonProps = ConfigurationManager.parseJsonInput(args[1]);

        // CREATE CONNECTORS
        Map<String, Object> httpProps = mexpJsonProps.getHttp();
        HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.setSecureScheme("https");
        httpConfiguration.setSecurePort(8443);
        int outputBufferSize = httpProps.get("outputBufferSize") instanceof Double
                ? Double.class.cast(httpProps.get("outputBufferSize")).intValue()
                : (Integer) httpProps.get("outputBufferSize");
        httpConfiguration.setOutputBufferSize(outputBufferSize);

// port = 8080
        ServerConnector http = new ServerConnector(server,new HttpConnectionFactory(httpConfiguration));
        int port = httpProps.get("port") instanceof Double
                ? Double.class.cast(httpProps.get("port")).intValue()
                : (Integer) httpProps.get("port");
        http.setPort(port);
        int idleTimeout = httpProps.get("idleTimeout") instanceof Double
                ? Double.class.cast(httpProps.get("idleTimeout")).intValue()
                : (Integer) httpProps.get("idleTimeout");
        http.setIdleTimeout(idleTimeout);

// adminPort = 8081
        ServerConnector httpAdmin = new ServerConnector(server,new HttpConnectionFactory(httpConfiguration));
        int adminPort = httpProps.get("adminPort") instanceof Double
                ? Double.class.cast(httpProps.get("adminPort")).intValue()
                : (Integer) httpProps.get("adminPort");
        httpAdmin.setPort(adminPort);
        httpAdmin.setIdleTimeout(idleTimeout);

        // set the connectors
        server.setConnectors(new Connector[] { http, httpAdmin });

        Map<String, String> localConfiguration = mexpJsonProps.getLocalConfiguration();

        // CREATE CONTEXT
        WebAppContext context = new WebAppContext();
        context.setContextPath("/");

        ProtectionDomain domain = JettyWebApp.class.getProtectionDomain();
        URL location = domain.getCodeSource().getLocation();
        context.setWar(location.toExternalForm());

        context.setDescriptor(location.toExternalForm() + "/WEB-INF/web.xml");

        // SET UP JSP CONFIGS
        File scratchDir = new File(localConfiguration.get("resourceRoot"));
        context.setTempDirectory(scratchDir);
        context.setPersistTempDirectory(true);
        // Set JSP to use Standard JavaC always
        System.setProperty("org.apache.jasper.compiler.disablejsr199", "false");

        // Set the handler
        server.setHandler(context);

        server.start();
        server.join();
    }

Thanks for your thoughts. 

Barclay


_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users


_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users


Back to the top