sahaya / rest-assured

Automatically exported from code.google.com/p/rest-assured

https and follow redirect #312

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Configure your server with a redirection from http to https
2. Configure https with a non-trusted certificate
3. Try to write a test which points to http, follow redirect
4. Observe a javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

What is the expected output? What do you see instead?
 The expected output is a successful test with code status 200

What version of the product are you using? On what operating system?
 restassured 2.3.0

Please provide any additional information below.
 Code sample
 given().relaxedHTTPSValidation()
         .filter(new ErrorLoggingFilter())
         .redirects()
         .follow(true)
         .contentType(ContentType.TEXT)
         .expect()
         .statusCode(200)
         .body(containsString("Hello"))
         .when()
         .get("http://localhost:8080/api/hello");

Original issue reported on code.google.com by wokier on 19 Feb 2014 at 9:31

GoogleCodeExporter commented 9 years ago
Is your server online so that I can test it? Otherwise it's hard for me to fix 
this. It may be easier if you find out what the problem is and provide a pull 
request or details on how it can be fixed.

Original comment by johan.ha...@gmail.com on 21 Feb 2014 at 10:03

GoogleCodeExporter commented 9 years ago
It seems that the redirection works, https works, but not both at the same 
time.

The server is not online, but you may reproduce its configuration.
The server is a tomcat7 (7.0.42)
I have configured the server.xml with this:
<Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               SSLEnabled="true"
               keystoreFile="/usr/share/tomcat/conf/my.server.keystore.jks"
               keystorePass="XXXXX"
               truststoreFile="/usr/share/tomcat/conf/my.server.javakeystore.ts"
               truststorePass="XXXX"/>
<Connector port="8080" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true" />

and configured web.xml with this:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>ssl</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

The resource is implemented with JAX-RS Jersey.

Original comment by wokier on 21 Feb 2014 at 2:18
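
The comment above reports that the redirect and HTTPS each work on their own. The following is an added example, not code from the thread or from the REST Assured project, that checks the two hops separately against the Tomcat configuration described above. JUnit 4, the class and method names, and the 302 status code are assumptions.

```java
import static com.jayway.restassured.RestAssured.given;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.startsWith;

import com.jayway.restassured.http.ContentType;
import org.junit.Test;

// Hypothetical test class; host, ports and path are the ones quoted in the thread.
public class HttpToHttpsRedirectTest {

    private static final String HTTP_URL = "http://localhost:8080/api/hello";
    private static final String HTTPS_PREFIX = "https://localhost:8443/";

    @Test
    public void httpIsRedirectedToHttpsAndHttpsAnswers() {
        // Hop 1: plain HTTP with redirect following switched off, so no TLS
        // handshake happens here. This asserts that the CONFIDENTIAL
        // transport guarantee really sends clients to the HTTPS connector.
        String location = given()
                .redirects().follow(false)
            .when()
                .get(HTTP_URL)
            .then()
                .statusCode(302) // assumption: the container answers with 302
                .header("Location", startsWith(HTTPS_PREFIX))
            .extract()
                .header("Location");

        // Hop 2: request the redirect target directly. relaxedHTTPSValidation()
        // turns certificate validation off, which is only acceptable against a
        // local test server with a non-trusted certificate.
        given()
                .relaxedHTTPSValidation()
                .contentType(ContentType.TEXT)
            .when()
                .get(location)
            .then()
                .statusCode(200)
                .body(containsString("Hello"));
    }
}
```

Splitting the hops also shows which of the two requests raises the SSLHandshakeException if one still occurs.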

GoogleCodeExporter commented 9 years ago
This is such a specific problem that I probably won't have time to investigate it 
in the foreseeable future. You would have to help out with this. It may be a 
security feature similar to 
http://www.jayway.com/2012/10/17/what-you-may-not-know-about-http-redirects/.

Original comment by johan.ha...@gmail.com on 24 Feb 2014 at 7:16