search

google-code-export / wro4j

Automatically exported from code.google.com/p/wro4j
1 stars 1 forks source link

ResourceProxyRequestHandler throwing UnauthorizedRequestException when resource uri contains question mark and pound #872

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Using version 1.7.5 similar to issue 826 with some slight differences.

My authorizedResources looks like

[classpath:META-INF/resources/js/respond.min.js,
 classpath:META-INF/resources/js/html5shiv.js,
 classpath:META-INF/resources/fonts/fontawesome-webfont.eot?v=4.0.3,
 classpath:META-INF/resources/fonts/glyphicons-halflings-regular.eot,
 classpath:META-INF/resources/fonts/glyphicons-halflings-regular.eot?#iefix,
 classpath:srj-jquery/jquery-1.11.0.min.js,
 classpath:META-INF/resources/fonts/fontawesome-webfont.eot?#iefix&v=4.0.3,
 classpath:META-INF/resources/img/kroger-logo.png,
 classpath:META-INF/resources/js/bootstrap.min.js,
 classpath:META-INF/resources/img/kroger-logo.gif,
 classpath:META-INF/resources/fonts/glyphicons-halflings-regular.ttf,
 classpath:META-INF/resources/fonts/fontawesome-webfont.ttf?v=4.0.3,
 classpath:META-INF/resources/fonts/glyphicons-halflings-regular.woff,
 classpath:META-INF/resources/fonts/fontawesome-webfont.svg?v=4.0.3#fontawesomeregular,
 classpath:META-INF/resources/fonts/glyphicons-halflings-regular.svg#glyphicons_halflingsregular,
 classpath:META-INF/resources/fonts/fontawesome-webfont.woff?v=4.0.3,
 classpath:META-INF/resources/css/kroger-bootstrap-styles.css]

request coming in is looking for 
classpath:META-INF/resources/fonts/glyphicons-halflings-regular.eot? because of 
issue 826 it removed #iefix to match in the authorizedResources

2014-04-29 13:47:51,126 DEBUG 
[ro.isdc.wro.http.handler.ResourceProxyRequestHandler] - <[FAIL] Unauthorized 
proxy resource: 
classpath:META-INF/resources/fonts/glyphicons-halflings-regular.eot?>
2014-04-29 13:47:51,126 DEBUG [ro.isdc.wro.WroRuntimeException] - <Unauthorized 
resource request detected: 
classpath:META-INF/resources/fonts/glyphicons-halflings-regular.eot?>
2014-04-29 13:47:51,130 DEBUG [ro.isdc.wro.http.WroFilter] - <Exception occured>
ro.isdc.wro.http.support.UnauthorizedRequestException: Unauthorized resource 
request detected: 
classpath:META-INF/resources/fonts/glyphicons-halflings-regular.eot?
    at ro.isdc.wro.http.handler.ResourceProxyRequestHandler.verifyAccess(ResourceProxyRequestHandler.java:128) ~[wro4j-core-1.7.5.jar:1.7.5]
    at ro.isdc.wro.http.handler.ResourceProxyRequestHandler.handle(ResourceProxyRequestHandler.java:69) ~[wro4j-core-1.7.5.jar:1.7.5]
    at ro.isdc.wro.http.handler.LazyRequestHandlerDecorator.handle(LazyRequestHandlerDecorator.java:46) ~[wro4j-core-1.7.5.jar:1.7.5]
    at ro.isdc.wro.http.WroFilter.handledWithRequestHandler(WroFilter.java:328) ~[wro4j-core-1.7.5.jar:1.7.5]
    at ro.isdc.wro.http.WroFilter.doFilter(WroFilter.java:289) ~[wro4j-core-1.7.5.jar:1.7.5]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344) [spring-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261) [spring-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) [catalina.jar:7.0.42.A]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) [catalina.jar:7.0.42.A]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.authentication.switchuser.SwitchUserFilter.doFilter(SwitchUserFilter.java:181) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at com.kroger.commons.security.siteminder.SiteMinderAuthenticationProcessingFilter$RedirectDetectFilterChain.doFilter(SiteMinderAuthenticationProcessingFilter.java:155) [kroger-security-3.0.0.jar:na]
    at org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doFilter(AbstractPreAuthenticatedProcessingFilter.java:94) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at com.kroger.commons.security.siteminder.SiteMinderAuthenticationProcessingFilter.doFilter(SiteMinderAuthenticationProcessingFilter.java:126) [kroger-security-3.0.0.jar:na]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doFilter(AbstractPreAuthenticatedProcessingFilter.java:94) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:85) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:108) [spring-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:108) [spring-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344) [spring-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261) [spring-web-4.0.2.RELEASE.jar:4.0.2.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) [catalina.jar:7.0.42.A]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) [catalina.jar:7.0.42.A]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222) [catalina.jar:7.0.42.A]
    at org.apache.catalina.core.StandardContextValve.__invoke(StandardContextValve.java:123) [catalina.jar:7.0.42.A]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java) [catalina.jar:7.0.42.A]
    at org.apache.tomee.catalina.OpenEJBValve.invoke(OpenEJBValve.java:45) [tomee-catalina-1.6.0.jar:1.6.0]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) [catalina.jar:7.0.42.A]
    at org.apache.catalina.core.StandardHostValve.__invoke(StandardHostValve.java:171) [catalina.jar:7.0.42.A]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java) [catalina.jar:7.0.42.A]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99) [catalina.jar:7.0.42.A]
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953) [catalina.jar:7.0.42.A]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) [catalina.jar:7.0.42.A]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) [catalina.jar:7.0.42.A]
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023) [tomcat-coyote.jar:7.0.42.A]
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589) [tomcat-coyote.jar:7.0.42.A]
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312) [tomcat-coyote.jar:7.0.42.A]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_51]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_51]
    at java.lang.Thread.run(Thread.java:744) [na:1.7.0_51]

Original issue reported on code.google.com by ndr...@gmail.com on 29 Apr 2014 at 5:53

GoogleCodeExporter commented 9 years ago

Original comment by alex.obj...@gmail.com on 29 Apr 2014 at 7:50

GoogleCodeExporter commented 9 years ago 
Fixed in branch 1.7.x

Original comment by alex.obj...@gmail.com on 28 May 2014 at 4:09

GoogleCodeExporter commented 9 years ago

Original comment by alex.obj...@gmail.com on 18 Jun 2014 at 11:53