search

eclipse-ee4j / glassfish

Eclipse GlassFish
https://eclipse-ee4j.github.io/glassfish/
386 stars 144 forks source link

Redirect http to https request failed #4514

Closed glassfishrobot closed 16 years ago

glassfishrobot commented 16 years ago

The redirection of http to https request failed when web.xml has only user-data-constraint for CONFIDENTIAL. Steps to reproduce the bug: 1. Install Glassfish v3, start domain 2. Add attribute in domain.xml for http-listener-2, it will look like this: <http-listener default-virtual-server="server" family="inet" security-en abled="true" enabled="true" server-name="" address="0.0.0.0" acceptor-threads="1 " port="8181" id="http-listener-2" xpowered-by="true" blocking-enabled="false"> <ssl ssl3-enabled="true" cert-nickname="s1as" ssl2-enabled="false" tls -rollback-enabled="true" tls-enabled="true" client-auth-enabled="false" /> 3. Checkout SQE workspace cvs co appserver-sqe/boostrap.xml cd appserver-sqe ant -f bootstrap.xml co-security 4.set env. variables AS_HOME SPS_HOME ANT_HOME JAVA_HOME 5. cd appserver-sqe/pe/security/ssl/redirectport,run "ant all". The test case failed. The same test passed for v2. Here is the error in server.log [#|2008-03-26T15:39:01.991-0700|INFO|GlassFish10.0|javax.enterprise.system.core. security|_ThreadID=12;_ThreadName=Thread-5;|JACC Policy Provider: PolicyWrapper. implies, context(sec-redirect-port-web/sec-redirect-port-web)- permission((javax .security.jacc.WebUserDataPermission /test.jsp GET)) domain that failed(Protecti onDomain (file:/sec-redirect-port-web/sec-redirect-port-web <no signer certific ates>) null

java.security.Permissions@14ba9a2 ( (javax.security.auth.PrivateCredentialPermission javax.resource.spi.security.Pa sswordCredential * "*" read) (java.util.PropertyPermission java.version read) (java.util.PropertyPermission java.vm.name read) (java.util.PropertyPermission java.vm.vendor read) (java.util.PropertyPermission os.name read) (java.util.PropertyPermission java.vendor.url read) (java.util.PropertyPermission java.vm.specification.vendor read) (java.util.PropertyPermission java.specification.vendor read) (java.util.PropertyPermission os.version read) (java.util.PropertyPermission java.specification.name read) (java.util.PropertyPermission java.class.version read) (java.util.PropertyPermission file.separator read) (java.util.PropertyPermission java.vm.version read) (java.util.PropertyPermission os.arch read) (java.util.PropertyPermission java.vm.specification.name read) (java.util.PropertyPermission java.vm.specification.version read) (java.util.PropertyPermission java.specification.version read) (java.util.PropertyPermission java.vendor read) (java.util.PropertyPermission * read,write) (java.util.PropertyPermission path.separator read) (java.util.PropertyPermission line.separator read) (javax.management.MBeanPermission [com.sun.messaging.jms.*:*] *) (javax.security.jacc.WebResourcePermission /:/test.jsp) (javax.security.jacc.WebResourcePermission /test.jsp) (javax.management.MBeanTrustPermission register) (javax.security.jacc.WebUserDataPermission /:/test.jsp) (javax.security.jacc.WebUserDataPermission /test.jsp !GET,POST) (javax.security.jacc.WebUserDataPermission /test.jsp GET,POST:CONFIDENTIAL) (com.sun.enterprise.security.CORBAObjectPermission *) (java.lang.RuntimePermission loadLibrary.*) (java.lang.RuntimePermission getClassLoader) (java.lang.RuntimePermission modifyThreadGroup) (java.lang.RuntimePermission accessDeclaredMembers) (java.lang.RuntimePermission setContextClassLoader) (java.lang.RuntimePermission queuePrintJob) (java.lang.RuntimePermission getProtectionDomain) (java.lang.RuntimePermission stopThread) (java.net.SocketPermission localhost:1024- listen,resolve) (java.net.SocketPermission * connect,resolve) (unresolved com.sun.corba.ee.impl.presentation.rmi.DynamicAccessPermission acce ss null) (java.io.FilePermission /var/tmp//- delete) (java.io.FilePermission /export/sonia/v3/glassfish/domains/domain1/lib/database s/- delete) (java.io.FilePermission <> read,write) ) )|#] #### Environment Operating System: Solaris Platform: All #### Affected Versions [V3]
glassfishrobot commented 6 years ago
glassfishrobot commented 16 years ago

@glassfishrobot Commented jfarcand said: This is the same issue as 4506...the redirect port configuration is most probably missing inside the WebContainer code.

glassfishrobot commented 16 years ago

@glassfishrobot Commented sonialiu said: This bug was fixed for earlier builds, I verified it about 10 days ago. However, I ran the test today against promoted build10, it failed. I got the same error that described in the server.log. So reopen the bug. Thanks.

glassfishrobot commented 16 years ago

@glassfishrobot Commented @vbkumarjayanti said: I tried a http->https redirect Application with

V3-TP2 latest dev build from hudson :

http://kohsuke.sfbay.sun.com/hudson/view/GFv3/job/glassfish-v3-tp2-devbuild/84/

And it works for me without any issues.

glassfishrobot commented 16 years ago

@glassfishrobot Commented @vbkumarjayanti said: You have to add the SSL element in domain.xml under http-listener 2 manually (did you do that ?).

glassfishrobot commented 16 years ago

@glassfishrobot Commented sonialiu said: I found the failure was due to 8181 port was in use. I killed all processes and reran the test, it passed. However, in the server.log, I always see an error(see below). Is this expected? [#|2008-04-22T15:04:40.327-0700|INFO|GlassFish10.0|javax.enterprise.system.core. security|_ThreadID=15;_ThreadName=Thread-4;|JACC Policy Provider: PolicyWrapper. implies, context(sec-redirect-port-web/sec-redirect-port-web)- permission((javax .security.jacc.WebUserDataPermission /test.jsp GET)) domain that failed(Protecti onDomain (file:/sec-redirect-port-web/sec-redirect-port-web <no signer certific ates>) null

java.security.Permissions@e33af5 ( (unresolved com.sun.corba.ee.impl.presentation.rmi.DynamicAccessPermission acce ss null) (javax.security.auth.PrivateCredentialPermission javax.resource.spi.security.Pa sswordCredential * "*" read) (javax.management.MBeanPermission [com.sun.messaging.jms.*:*] *) (java.net.SocketPermission localhost:1024- listen,resolve) (java.net.SocketPermission * connect,resolve) (javax.security.jacc.WebResourcePermission /:/test.jsp) (javax.security.jacc.WebResourcePermission /test.jsp) (java.lang.RuntimePermission loadLibrary.*) (java.lang.RuntimePermission getClassLoader) (java.lang.RuntimePermission modifyThreadGroup) (java.lang.RuntimePermission accessDeclaredMembers) (java.lang.RuntimePermission setContextClassLoader) (java.lang.RuntimePermission queuePrintJob) (java.lang.RuntimePermission getProtectionDomain) (java.lang.RuntimePermission stopThread) (java.util.PropertyPermission java.version read) (java.util.PropertyPermission java.vm.name ad (java.util.PropertyPermission java.vm.vendor read) (java.util.PropertyPermission os.name read ead (java.util.PropertyPermission java.vendor.url read (java.util.PropertyPermission java.vm.specification.vendor read) (java.util.PropertyPermission java.specification.vendor read) (java.util.PropertyPermission os.version read ead (java.util.PropertyPermission java.specification.name read) (java.util.PropertyPermission file.separator read)ead) (java.util.PropertyPermission java.vm.version read) (java.util.PropertyPermission os.arch read) (java.util.PropertyPermission java.vm.specification.name read) (java.util.PropertyPermission java.vm.specification.version read) (java.util.PropertyPermission java.specification.version read) (java.util.PropertyPermission java.vendor read) (java.util.PropertyPermission * read,write) (java.util.PropertyPermission path.separator read) (java.util.PropertyPermission line.separator read) (com.sun.enterprise.security.CORBAObjectPermission *) (javax.security.jacc.WebUserDataPermission /:/test.jsp) (javax.security.jacc.WebUserDataPermission /test.jsp !GET,POST) (javax.security.jacc.WebUserDataPermission /test.jsp GET,POST:CONFIDENTIAL) (java.io.FilePermission /var/tmp//- delete) (java.io.FilePermission /export/sonia/v3/glassfish/domains/domain1/lib/database s/- delete) (java.io.FilePermission <> read,write) (javax.management.MBeanTrustPermission register) )
glassfishrobot commented 16 years ago

@glassfishrobot Commented sonialiu said: change the priority to p3 since the feature works, it only has an exception in server.log

glassfishrobot commented 16 years ago

@glassfishrobot Commented @vbkumarjayanti said: If you observe the Exception (INFO Log) appears in GF V2 as well and is not a new behaviour.

glassfishrobot commented 16 years ago

@glassfishrobot Commented Was assigned to raharsha

glassfishrobot commented 7 years ago

@glassfishrobot Commented This issue was imported from java.net JIRA GLASSFISH-4514

glassfishrobot commented 16 years ago

@glassfishrobot Commented Reported by sonialiu

glassfishrobot commented 16 years ago

@glassfishrobot Commented Marked as cannot reproduce on Wednesday, April 23rd 2008, 7:10:21 pm