Tapestry 5
  1. Tapestry 5
  2. TAP5-1080

Page activation context lost when redirecting from HTTP to HTTPS due to the @Secure annotation

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 5.2, 5.1.0.5
    • Fix Version/s: 5.2.0
    • Component/s: tapestry-core
    • Labels:
    • Environment:

      Description

      When using @Secure on a page, if we get the page in http, we are redirected to the https page. But the context path is lost.

      Example :

      bouil@maggie:~/Documents/workspace/tapestry-secure-test$ curl -k -v http://localhost:8080/World

      • About to connect() to localhost port 8080 (#0)
      • Trying ::1... connected
      • Connected to localhost (::1) port 8080 (#0)
        > GET /World HTTP/1.1
        > User-Agent: curl/7.19.5 (i486-pc-linux-gnu) libcurl/7.19.5 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.15
        > Host: localhost:8080
        > Accept: /
        >
        < HTTP/1.1 302 Found
        < Location: https://localhost:8443/
        < Content-Length: 0
        < Server: Jetty(6.1.10)
        <
      • Connection #0 to host localhost left intact
      • Closing connection #0
        bouil@maggie:~/Documents/workspace/tapestry-secure-test$

      The Index.java page contains :

      package org.bouil.tapestry.pages;

      import org.apache.tapestry5.annotations.Property;
      import org.apache.tapestry5.annotations.Secure;

      @Secure
      public class Index {

      @Property
      private String context;

      public void onActivate(String context)

      { this.context = context; }

      public String onPassivate()

      { return context; }

      }

      1. secure_redirect_context.patch
        7 kB
        Nicolas Bouillon
      2. tapestry-secure-test.tar.bz2
        4 kB
        Nicolas Bouillon

        Activity

        Hide
        Nicolas Bouillon added a comment -

        Proposed patch against
        http://svn.apache.org/repos/asf/tapestry/tapestry5/tags/releases/5.1.0.5/tapestry-core/src

        DIdn't manage to make the unit test working. (I don't know well TestNG and EasyMock... but anyway without any patch 16 tests failed)

        I've installed the package skipping test and get it working.

        I'm not sure of the part concerning the ComponentEventRequestFilter in TapestryModule.contributeComponentEventRequestHandler. Don't know if i have to pass ComponentEventRequestParameters.getEventContext() or ComponentEventRequestParameters.getPageActivationContext().

        bouil@maggie:~/Documents/workspace/test.tapestry$ curl -kv http://localhost:8080/World

        • About to connect() to localhost port 8080 (#0)
        • Trying ::1... connected
        • Connected to localhost (::1) port 8080 (#0)
          > GET /World HTTP/1.1
          > User-Agent: curl/7.19.5 (i486-pc-linux-gnu) libcurl/7.19.5 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.15
          > Host: localhost:8080
          > Accept: /
          >
          < HTTP/1.1 302 Found
          < Location: https://localhost:8443/World
          < Content-Length: 0
          < Server: Jetty(6.1.10)
          <
        • Connection #0 to host localhost left intact
        • Closing connection #0
        Show
        Nicolas Bouillon added a comment - Proposed patch against http://svn.apache.org/repos/asf/tapestry/tapestry5/tags/releases/5.1.0.5/tapestry-core/src DIdn't manage to make the unit test working. (I don't know well TestNG and EasyMock... but anyway without any patch 16 tests failed) I've installed the package skipping test and get it working. I'm not sure of the part concerning the ComponentEventRequestFilter in TapestryModule.contributeComponentEventRequestHandler. Don't know if i have to pass ComponentEventRequestParameters.getEventContext() or ComponentEventRequestParameters.getPageActivationContext(). bouil@maggie:~/Documents/workspace/test.tapestry$ curl -kv http://localhost:8080/World About to connect() to localhost port 8080 (#0) Trying ::1... connected Connected to localhost (::1) port 8080 (#0) > GET /World HTTP/1.1 > User-Agent: curl/7.19.5 (i486-pc-linux-gnu) libcurl/7.19.5 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.15 > Host: localhost:8080 > Accept: / > < HTTP/1.1 302 Found < Location: https://localhost:8443/World < Content-Length: 0 < Server: Jetty(6.1.10) < Connection #0 to host localhost left intact Closing connection #0
        Hide
        Nicolas Bouillon added a comment -

        Full test case included

        Show
        Nicolas Bouillon added a comment - Full test case included

          People

          • Assignee:
            Ulrich Stärk
            Reporter:
            Nicolas Bouillon
          • Votes:
            1 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development