tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Tomcat not properly fully-qualifying redirect URLs
Date Fri, 03 Jul 2015 17:40:03 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

All,

Running Tomcat 8.0.x trunk as of 1688887 (slightly old) on jdk1.8.0_45
on Mac OS X, I'm having intermittent problems with Tomcat appearing
not to change a relative URL into a fully-qualified URL for
redirection purposes.

Since it's intermittent, it's hard to catch. But I just found a case.

I have an HttpServletResponseWrapper that logs calls to sendRedirect()
by dumping-out the URL that was passed-into the sendRedirect method.

I have anonymized the URLs somewhat. I hope I haven't removed any
URL-escapes or anything like that to break the URLs... I can assure
you that they are correct. These are things that have been working for
years and years in production and other environments. This *only seems
to be a problem on my localhost environment*.

Here's what I just got:

2015-07-03 13:24:11,388 [catalina-exec-79] INFO  redirect-
sendRedirect:
location=/context/path/to/action.do?id=7734&returnURL=%2Fpath%2Fto%2Fano
ther%2Faction.do%3Fid%3D1045&cancelReturnURL=%2Fpath%2Fto%2Fanother%2Fac
tion.do%3Fid%3D1045

This is what the browser saw (care of LiveHttpHeaders):

(Request, then response)

http://localhost/context/path/to/action.do?id=7734&returnURL=%2Fpath%2Ft
o%2Faction.do%3Fid%3D1045&cancelReturnURL=%2Fpath%2Fto%2Faction.do%3Fid%
3D1045&submit=action%C2%A0%C2%A0%C2%BB

GET
/context/path/to/action.do?id=7734&returnURL=%2Fpath%2Fto%2Faction.do%3F
id%3D1045&cancelReturnURL=%2Fpath%2Fto%2Faction.do%3Fid%3D1045&submit=ac
tion%C2%A0%C2%A0%C2%BB
HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0)
Gecko/20100101 Firefox/38.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer:
http://localhost/context/path/to/resume.do?id=7734&returnURL=%2Fpath%2Ft
o%2Faction.do%3Fid%3D1045&cancelReturnURL=%2Fpath%2Fto%2Faction.do%3Fid%
3D1045
Cookie: JSESSIONID=A96FC368FB3E1D132CE3EAEFB697A43A.myworker
Connection: keep-alive

HTTP/1.1 302 Found
Date: Fri, 03 Jul 2015 17:30:58 GMT
Server: Apache/2.4.10 (Unix) OpenSSL/0.9.8zd mod_jk/1.2.41-dev
Location:
http://context/path/to/questions.do?id=7734&u=14e54f8a677&returnURL=%2Fp
ath%2Fto%2Faction.do%3Fid%3D1045&cancelReturnURL=%2Fpath%2Fto%2Faction.d
o%3Fid%3D1045
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
- ----------------------------------------------------------

Note the "Location" header in the response. It looks like Tomcat took
the URL passed-into sendRedirect and then just added "http:/" to the
beginning of it.

I'm proxying through httpd 2.4.10 using mod_proxy_ajp. Here is my
<Connector>:

    <Connector port="8215"
       redirectPort="443"
           protocol="org.apache.coyote.ajp.AjpNioProtocol"
        URIEncoding="UTF-8"
         packetSize="65536"
           executor="tomcatThreadPool" />

I have a fairly standard ProxyPass handling requests to /context

ProxyPass /context/ ajp://localhost:8215/context/
ProxyPassReverse /context/ ajp://localhost:8215/context/

Note that we don't use mod_proxy_ajp in production; we use mod_jk
instead. I also haven't instrumented the connection between Tomcat and
httpd. This could definitely be a mod_proxy_ajp problem.

Any ideas?

Thanks,
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVlsjzAAoJEBzwKT+lPKRYRogQALXQ5Dn1zss9d7VDXNRv41zr
fNjqe06ri2LdoB7TiItRvX5m2wlWWkG4yI5aaRAhB+bbZdK5bOjAh7Ak2onxOGKs
9z/hAEyzEXuGWc789hm4y8aGyn2SFPCh/qn/IhJZ/jfEnYGxk2H+DQT3VzJ6UZnm
MhDMJdsve4QKDGFxwrg94qaZOttxsIpabHX7OtNTxsQm+nW59KIg0CgPRR3f93Yz
iruOHopZzOmiZLzb/+CHOTdP3zb1tYrzwk+DlWC/k5hHOhI+mVP8pBNmnA4xgapd
jF4b/aSb4c47cbhl0LnePMOh9WSZ+S1aty5XKsOMt9tM/v51V5UhmMp3/LCHq3Ty
fdMSnMdPohXNkS78Xd9LNIDat8cNW+UHCuGFohvb7HtLgvz7KmNZvMmWTAsAm/M0
k9QhL47XZCpfBWZhbBK4+ovqQW8bjFQtoaaFmsN9Mkea8UKn0mgpLQij0irp3XaA
qehyd6VyHFO9F6c3JH+L1r9mOZ+1TcGSgHNFSrdt14n1kEVKjmz313ygT3+qJZI9
BGRzAxiHstfw7vYwI4SD2mlZHABYHrZha6UouIxaIFv0+qrTsE6GJA0SomAgOgLq
limsu2ji8RJ61Hr5j1YDM+U7r8YCTdDMb2SYOnnAhMJEGPaEzV1ppkfCZsHqSeog
n/6o+XdHzpMp/v7E1zRC
=EOoE
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message