glassfish
  1. glassfish
  2. GLASSFISH-12642

ServerAuthModule cannot forward or redirect to a SSL Facelets page - no active context error

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: v3.0.1
    • Fix Version/s: 3.1_b12
    • Component/s: web_container
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

    • Issuezilla Id:
      12,642

      Description

      When implementing a ServerAuthModule which redirects to a Facelets page, a
      WELD-001303 No active contexts for scope type javax.enterprise.context.RequestScoped
      error is logged.

      This may be related to Glassfish Issue #11504 (https://glassfish.dev.java.net/issues/show_bug.cgi?
      id=11504)

      I will attach an example ServerAuthModule which can be used to trigger this error.

        Activity

        Hide
        cosmic added a comment -

        Created an attachment (id=4571)
        Example ServerAuthModule which triggers no active context error when redirecting to a JSF page

        Show
        cosmic added a comment - Created an attachment (id=4571) Example ServerAuthModule which triggers no active context error when redirecting to a JSF page
        Hide
        cosmic added a comment -

        The attached example ServerAuthModule can be used to trigger the error.

        If used unmodified, it must be installed in an application which has "/index.xhtml" as a JSF Facelets
        page.

        Then to trigger the error simply attempt to load "/j_security_check" (a simple GET request will do, no
        need to supply anything or do a POST request).

        To install, compile into a Jar and place in the glassfish/lib directory, and then modify the sun-web.xml
        to have
        <sun-web-app httpservlet-security-provider="openid-sam">

        Show
        cosmic added a comment - The attached example ServerAuthModule can be used to trigger the error. If used unmodified, it must be installed in an application which has "/index.xhtml" as a JSF Facelets page. Then to trigger the error simply attempt to load "/j_security_check" (a simple GET request will do, no need to supply anything or do a POST request). To install, compile into a Jar and place in the glassfish/lib directory, and then modify the sun-web.xml to have <sun-web-app httpservlet-security-provider="openid-sam">
        Hide
        Shing Wai Chan added a comment -

        Can you attach a test war file with source?

        Show
        Shing Wai Chan added a comment - Can you attach a test war file with source?
        Hide
        Shing Wai Chan added a comment -

        I have created a simple JSF CDI application using the attached ServerAuthModule.
        It can direct to index.xhtml and display correctly.

        Show
        Shing Wai Chan added a comment - I have created a simple JSF CDI application using the attached ServerAuthModule. It can direct to index.xhtml and display correctly.
        Hide
        cosmic added a comment -

        Created an attachment (id=4586)
        Complete project with detailed directions to trigger Issue 12642

        Show
        cosmic added a comment - Created an attachment (id=4586) Complete project with detailed directions to trigger Issue 12642
        Hide
        cosmic added a comment -

        I've attached a complete project which demonstrates this bug.

        The README.txt has complete details on reproducing this:

        This project is an example of Issue 12642
        https://glassfish.dev.java.net/issues/show_bug.cgi?id=12642

        Steps to reproduce:

        1. Build project

        • Run "ant" from root of project directory

        2. Create an empty glassfish domain

        • Run: asadmin create-domain --checkports=true Issue12642

        2. Install ServerAuthModule into glassfish

        • cp target/Issue12642.jar .../glassfish/domains/Issue12642/lib/

        3. Start Glassfish domain

        • Run: asadmin start-domain Issue12642

        4. Configure Glassfish to use ServerAuthModule

        • Run: asadmin create-message-security-provider --layer HttpServlet --classname au.projectx.openid.sam.OpenIdSam --providertype server openid-sam

        5. Deploy WAR

        • cp target/Issue12642.war .../glassfish/domains/Issue12642/autodeploy/

        6. Load welcome page in browser

        Now just click the link on the welcome page to see the error.

        For full stacktrace consult: .../glassfish/domains/Issue12642/logs/server.log

        Show
        cosmic added a comment - I've attached a complete project which demonstrates this bug. The README.txt has complete details on reproducing this: This project is an example of Issue 12642 https://glassfish.dev.java.net/issues/show_bug.cgi?id=12642 Steps to reproduce: 1. Build project Run "ant" from root of project directory 2. Create an empty glassfish domain Run: asadmin create-domain --checkports=true Issue12642 2. Install ServerAuthModule into glassfish cp target/Issue12642.jar .../glassfish/domains/Issue12642/lib/ 3. Start Glassfish domain Run: asadmin start-domain Issue12642 4. Configure Glassfish to use ServerAuthModule Run: asadmin create-message-security-provider --layer HttpServlet --classname au.projectx.openid.sam.OpenIdSam --providertype server openid-sam 5. Deploy WAR cp target/Issue12642.war .../glassfish/domains/Issue12642/autodeploy/ 6. Load welcome page in browser http://localhost:8080/Issue12642/ Now just click the link on the welcome page to see the error. For full stacktrace consult: .../glassfish/domains/Issue12642/logs/server.log
        Hide
        cosmic added a comment -

        Ah, I should have highlighted that the bug appears to be caused by a security constraint enforcing SSL:

        <security-constraint>
        <display-name>SSL</display-name>
        <web-resource-collection>
        <web-resource-name>All</web-resource-name>
        <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
        </security-constraint>

        With that redirecting fails as initially communicated.

        Show
        cosmic added a comment - Ah, I should have highlighted that the bug appears to be caused by a security constraint enforcing SSL: <security-constraint> <display-name>SSL</display-name> <web-resource-collection> <web-resource-name>All</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> With that redirecting fails as initially communicated.
        Hide
        Shing Wai Chan added a comment -

        Similar issue is found when a session is created before accessing the
        ServerAuthModule without SSL.

        Show
        Shing Wai Chan added a comment - Similar issue is found when a session is created before accessing the ServerAuthModule without SSL.
        Hide
        Shing Wai Chan added a comment -

        Sending
        web-core/src/main/java/org/apache/catalina/authenticator/FormAuthenticator.java
        Sending
        web-core/src/main/java/org/apache/catalina/core/ApplicationDispatcher.java
        Sending web-core/src/main/java/org/apache/catalina/core/Constants.java
        Sending
        web-core/src/main/java/org/apache/catalina/core/StandardContextValve.java
        Sending
        web-core/src/main/java/org/apache/catalina/core/StandardHostValve.java
        Transmitting file data .....
        Committed revision 38962.

        Show
        Shing Wai Chan added a comment - Sending web-core/src/main/java/org/apache/catalina/authenticator/FormAuthenticator.java Sending web-core/src/main/java/org/apache/catalina/core/ApplicationDispatcher.java Sending web-core/src/main/java/org/apache/catalina/core/Constants.java Sending web-core/src/main/java/org/apache/catalina/core/StandardContextValve.java Sending web-core/src/main/java/org/apache/catalina/core/StandardHostValve.java Transmitting file data ..... Committed revision 38962.

          People

          • Assignee:
            Shing Wai Chan
            Reporter:
            cosmic
          • Votes:
            1 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: