tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jess Holle <je...@ptc.com>
Subject Re: Tomcat 5.5.12 and user-agent header
Date Wed, 12 Oct 2005 17:00:14 GMT
Does this only occur when connecting directly to Tomcat or is it also an 
issue when going through Apache and mod_jk?

Richard Mixon wrote:

>OK - yes, it was lack of sleep that was causing the problem to not appear, I
>was starting Tomcat 5.5.9 instead of 5.5.12, sorry :(
>
>The problem is still there. I even took SiteMesh out of the picture, to make
>sure it was not the problem (should of done that sooner).
>
>Here are the steps:
>
>1) Request a protected page form my app.
>2) My CMA login page pops up, I enter userid and password.
>3) This POST is issued when I submit it:
>     POST /stars/auth/ j_username=user1&j_password=password1&login=Login
>4) HTTPLiveHeaders show all of the GET requests have a user-agent set
>   (I've included all 90 lines of them below).
>5) My page that appears has the following code:
>  <%
>  String _userAgent = request.getHeader("user-agent");
>  out.write("USER-AGENT="+_userAgent);
>  ...
>6) And displays the following on my page:
>  USER-AGENT=null
>
>Unless someone has other ideas I'm thinking it's a but in 5.5.12 at this
>point and will post it to Bugzilla.
>
>Thanks to Mark and others for their help.
>
> - Richard
>
>START OF HTTPLiveHeaders capture from the above POST:
>
>http://smartfish:8080/stars/auth/
>
>POST /stars/auth/ HTTP/1.1
>Host: smartfish:8080
>User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.12)
>Gecko/20050915 Firefox/1.0.7
>Accept:
>text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=
>0.8,image/png,*/*;q=0.5
>Accept-Language: en-us,en;q=0.5
>Accept-Encoding: gzip,deflate
>Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>Keep-Alive: 300
>Connection: keep-alive
>Referer: http://smartfish:8080/stars/HomePage.do
>Cookie: JSESSIONID=3F6575A5957AC84BCC60FA878ED092A5.srv1; username=user1
>Content-Type: application/x-www-form-urlencoded
>Content-Length: 45
>j_username=user1&j_password=password1&login=Login
>HTTP/1.x 302 Moved Temporarily
>Server: Apache-Coyote/1.1
>Location:
>http://smartfish:8080/stars/j_security_check?j_username=user1&j_password=fbc
>e66f99c809283638f344ecb3d50674ea64189
>Content-Length: 0
>Date: Wed, 12 Oct 2005 16:33:46 GMT
>----------------------------------------------------------
>http://smartfish:8080/stars/j_security_check?j_username=user1&j_password=fbc
>e66f99c809283638f344ecb3d50674ea64189
>
>GET
>/stars/j_security_check?j_username=user1&j_password=fbce66f99c809283638f344e
>cb3d50674ea64189 HTTP/1.1
>Host: smartfish:8080
>User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.12)
>Gecko/20050915 Firefox/1.0.7
>Accept:
>text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=
>0.8,image/png,*/*;q=0.5
>Accept-Language: en-us,en;q=0.5
>Accept-Encoding: gzip,deflate
>Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>Keep-Alive: 300
>Connection: keep-alive
>Referer: http://smartfish:8080/stars/HomePage.do
>Cookie: JSESSIONID=3F6575A5957AC84BCC60FA878ED092A5.srv1; username=user1
>
>HTTP/1.x 302 Moved Temporarily
>Server: Apache-Coyote/1.1
>Location: http://smartfish:8080/stars/HomePage.do
>Content-Length: 0
>Date: Wed, 12 Oct 2005 16:33:46 GMT
>----------------------------------------------------------
>http://smartfish:8080/stars/HomePage.do
>
>GET /stars/HomePage.do HTTP/1.1
>Host: smartfish:8080
>User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.12)
>Gecko/20050915 Firefox/1.0.7
>Accept:
>text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=
>0.8,image/png,*/*;q=0.5
>Accept-Language: en-us,en;q=0.5
>Accept-Encoding: gzip,deflate
>Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>Keep-Alive: 300
>Connection: keep-alive
>Referer: http://smartfish:8080/stars/HomePage.do
>Cookie: JSESSIONID=3F6575A5957AC84BCC60FA878ED092A5.srv1; username=user1
>
>HTTP/1.x 200 OK
>Server: Apache-Coyote/1.1
>Pragma: No-cache
>Cache-Control: no-cache,no-store,max-age=0
>Expires: Thu, 01 Jan 1970 00:00:00 GMT
>Content-Type: text/html;charset=UTF-8
>Content-Language: en
>Content-Length: 2989
>Date: Wed, 12 Oct 2005 16:33:52 GMT
>----------------------------------------------------------
>http://smartfish:8080/stars/WEB-INF/pages/%3C%=request.getContextPath()%%3E/
>images/cm_fill.gif
>
>GET
>/stars/WEB-INF/pages/%3C%=request.getContextPath()%%3E/images/cm_fill.gif
>HTTP/1.1
>Host: smartfish:8080
>User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.12)
>Gecko/20050915 Firefox/1.0.7
>Accept: image/png,*/*;q=0.5
>Accept-Language: en-us,en;q=0.5
>Accept-Encoding: gzip,deflate
>Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>Keep-Alive: 300
>Connection: keep-alive
>Referer: http://smartfish:8080/stars/HomePage.do
>Cookie: JSESSIONID=3F6575A5957AC84BCC60FA878ED092A5.srv1; username=user1
>
>HTTP/1.x 400 Invalid URI
>Server: Apache-Coyote/1.1
>Transfer-Encoding: chunked
>Date: Wed, 12 Oct 2005 16:33:52 GMT
>Connection: close
>----------------------------------------------------------
>
>
>
>
>-----Original Message-----
>From: Richard Mixon [mailto:rnmixon@qwest.net] 
>Sent: Wednesday, October 12, 2005 12:45 AM
>To: 'Tomcat Users List'
>Subject: RE: Tomcat 5.5.12 and user-agent header
>
>Mark,
>
>Thanks - should have thought of that first. Now that I turned on
>LiveHTTPHeaders, I cannot get it to fail. I was able to do this consistently
>before.
>
>Just to be sure, I'll try again tomorrow morning. Maybe its just late.
>
>Thanks much - Richard
>
>-----Original Message-----
>From: Mark Thomas [mailto:markt@apache.org]
>Sent: Tuesday, October 11, 2005 6:14 PM
>To: 'Tomcat Users List'; rnmixon@qwest.net
>Subject: RE: Tomcat 5.5.12 and user-agent header
>
>Have you looked at the headers between Tomcat and your UA? Is your UA
>actually sending the UA header? If it is then it looks like a sitemesh
>problem from what you have described. There are a range of tools for looking
>at headers.
>livehttpheaders is good, as is TcpMon which is distributed as part of Axis.
>
>Mark 
>
>  
>
>>-----Original Message-----
>>From: Richard Mixon [mailto:rnmixon@qwest.net]
>>Sent: Monday, October 10, 2005 12:00 AM
>>To: 'Tomcat Users List'
>>Subject: RE: Tomcat 5.5.12 and user-agent header
>>
>>Leon,
>>
>>Thank you for the test - but I still get a null user-agent right after 
>>the login. Here is a snippet of my code:
>>
>>  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" 
>>      "http://www.w3.org/TR/html4/loose.dtd">
>>  <%@ include file="/common/taglibs.jspf"%>
>>  <%@ page import="com.ltoj.common.Constants" %>
>>  <html:html locale="true">
>>  <head>
>>  <%@ include file="/common/meta.jspf" %>
>>  <title><decorator:title/></title>
>>  <script type="text/javascript" src="<c:url 
>>value='/scripts/environment.js'/>"></script>
>>  <script type="text/javascript" src="<c:url 
>>value='/scripts/util.js'/>"></script>
>>  <script type="text/javascript" src="<c:url 
>>value='/scripts/helptip.js'/>"></script>
>>  <script type="text/javascript" src="<c:url 
>>value='/scripts/tabs.js'/>"></script>
>>  <script type="text/javascript" src="<c:url 
>>value='/scripts/CalendarPopup.js'/>"></script>
>>  <script type="text/javascript" src="<c:url 
>>value='/scripts/chartWizard.js'/>"></script>
>>  <link rel="stylesheet" type="text/css" media="all" href="<c:url 
>>value='/styles/default.css'/>" />
>>  <link rel="stylesheet" type="text/css" media="all" href="<c:url 
>>value='/styles/messages.css'/>" />
>>  <link rel="stylesheet" type="text/css" media="all" href="<c:url 
>>value='/styles/tabs.css'/>" />
>>  <decorator:head/>
>>  <%
>>  String _userAgent = request.getHeader("user-agent");
>>  out.write("USER-AGENT='"+_userAgent+"'"); 
>>  ...
>>
>>Here's the sequence:
>>
>>1) I issue a request to this page.
>>
>>2) CMA says "oh, that's protected" and shows my custom login page. I 
>>get user-agent displayed fine:
>>     USER-AGENT='Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US;
>>rv:1.7.12)
>>Gecko/20050915 Firefox/1.0.7'
>>
>>3) But on the next page (the original target page of the request), 
>>user-agent shows as null.
>>     USER-AGENT='null'
>>
>>I can refresh the page or go to any other page in my application and 
>>the user agent is fine again.
>>
>>The only thing a bit non-standard about this JSP page is that it is a 
>>SiteMesh decorator page.
>>
>>If I run the same test, same pages in Tomcat 5.5.9 I never get 
>>user-agent of null.
>>
>>Our application does check the user-agent header a good bit. 
>>We use Select
>>lists with option groups - but some browsers do not support this so we 
>>simulate it by indenting the select options ourselves.
>>
>>Luckily all of this activity happens well after the initial login - so 
>>we are safe, now that I changed the decorator to make sure user-agent 
>>is not null before doing anything with it.
>>
>>But it seems other applications might be affected by this - no?
>>
>>Thanks again - Richard
>>
>>
>>
>>
>>
>>
>>-----Original Message-----
>>From: Leon Rosenberg [mailto:rosenberg.leon@googlemail.com]
>>Sent: Sunday, October 09, 2005 1:45 PM
>>To: Tomcat Users List; rnmixon@qwest.net
>>Subject: Re: Tomcat 5.5.12 and user-agent header
>>
>>Hmm, I downloaded 5.5.12 and tried the agent-header specific code with
>>it:
>>
>>	public void processLogin(User user, HttpServletRequest req, 
>>HttpServletResponse res) {
>>		StringBuffer info = new StringBuffer();
>>		info.append("login ");
>>		info.append(user.getUserName());
>>		info.append(" [");
>>		info.append(user.getUserId().getPlainPresentation());
>>		info.append("] ");
>>		info.append(user.getEmail());
>>		info.append(" ");
>>	
>>info.append(UserHelper.getGenderDescription(user.getGender()));
>>		info.append(" ");
>>	
>>info.append(UserHelper.getStatusDescription(user.getMembership
>>Status()));
>>		info.append(" ");
>>		info.append(req.getRemoteAddr());
>>		info.append(" / ");
>>		info.append(req.getRemoteHost());
>>		info.append(" Agent: ");
>>		info.append(req.getHeader("user-agent"));
>>		log.info(info);		
>>	}
>>
>>outcome was:
>>
>>2005-10-08 15:36:50,453 INFO  - login leon [6] xxx@xxx.xx male premium
>>127.0.0.1 / 127.0.0.1 Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; 
>>en-US;
>>rv:1.7) Gecko/20040626 Firefox/0.8
>>
>>which I think was same behaviour as before.
>>
>>I took tomcat out of the box (5.5.12 tar.gz) and only changed the http 
>>port.
>>
>>regards
>>leon
>>
>>
>>On 10/8/05, Richard Mixon <rnmixon@qwest.net> wrote:
>>    
>>
>>>I am just using the standard HTTP connector. This is on my
>>>      
>>>
>>development
>>    
>>
>>>workstation so I don't normally run JK and Apache, except for final
>>>      
>>>
>>testing.
>>    
>>
>>>On the developer list I did see one mention of user-agent
>>>      
>>>
>>header, but
>>    
>>
>>>on closer inspection it appeared to be for a completely
>>>      
>>>
>>different issue.
>>    
>>
>>>Thanks - Richard
>>>
>>>-----Original Message-----
>>>From: news [mailto:news@sea.gmane.org] On Behalf Of Bill Barker
>>>Sent: Friday, October 07, 2005 10:13 PM
>>>To: tomcat-user@jakarta.apache.org
>>>Subject: Re: Tomcat 5.5.12 and user-agent header
>>>
>>>
>>>"Richard Mixon" <rnmixon@qwest.net> wrote in message 
>>>news:007801c5ca7b$0c13cea0$8a01a8c0@smartfish...
>>>      
>>>
>>>>I tested out my application on 5.5.12 yesterday and
>>>>        
>>>>
>>noticed one small
>>    
>>
>>>>anomally. I had a JSP in my sitemesh decorator "default.jsp" that 
>>>>ends up  wrapping the login page for container managed 
>>>>authentication. This page  had  a statement
>>>>   String  _userAgent =
>>>>request.getHeader("user-agent").toLowerCase();
>>>>
>>>>It gets a null-pointer exception in 5.5.12, but under
>>>>        
>>>>
>>5.5.9 it runs
>>fine.
>>    
>>
>>>>In
>>>>5.5.12, after the login succeeds then the user-agent
>>>>        
>>>>
>>headers appear
>>    
>>
>>>>to be there just fine, but not on the initial login page.
>>>>
>>>>Is this a known issue?
>>>>
>>>>        
>>>>
>>>It's certainly not a known issue.  It would help a lot if you could 
>>>tell us which Connector you are using at the time (e.g. HTTP/1.1, 
>>>HTTP/1.1-APR, AJP/1.3, AJP/1.3-APR).
>>>
>>>      
>>>
>>>>Thank you - Richard
>>>>
>>>>        
>>>>
>>>
>>>
>>>
>>>      
>>>
>>---------------------------------------------------------------------
>>    
>>
>>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>
>>>
>>>
>>>
>>>      
>>>
>>---------------------------------------------------------------------
>>    
>>
>>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>
>>>
>>>      
>>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>    
>>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>  
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message