Tapestry 5
  1. Tapestry 5
  2. TAP5-1080

Page activation context lost when redirecting from HTTP to HTTPS due to the @Secure annotation

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 5.2, 5.1.0.5
    • Fix Version/s: 5.2.0
    • Component/s: tapestry-core
    • Labels:
    • Environment:

      Description

      When using @Secure on a page, if we get the page in http, we are redirected to the https page. But the context path is lost.

      Example :

      bouil@maggie:~/Documents/workspace/tapestry-secure-test$ curl -k -v http://localhost:8080/World

      • About to connect() to localhost port 8080 (#0)
      • Trying ::1... connected
      • Connected to localhost (::1) port 8080 (#0)
        > GET /World HTTP/1.1
        > User-Agent: curl/7.19.5 (i486-pc-linux-gnu) libcurl/7.19.5 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.15
        > Host: localhost:8080
        > Accept: /
        >
        < HTTP/1.1 302 Found
        < Location: https://localhost:8443/
        < Content-Length: 0
        < Server: Jetty(6.1.10)
        <
      • Connection #0 to host localhost left intact
      • Closing connection #0
        bouil@maggie:~/Documents/workspace/tapestry-secure-test$

      The Index.java page contains :

      package org.bouil.tapestry.pages;

      import org.apache.tapestry5.annotations.Property;
      import org.apache.tapestry5.annotations.Secure;

      @Secure
      public class Index {

      @Property
      private String context;

      public void onActivate(String context)

      { this.context = context; }

      public String onPassivate()

      { return context; }

      }

      1. tapestry-secure-test.tar.bz2
        4 kB
        Nicolas Bouillon
      2. secure_redirect_context.patch
        7 kB
        Nicolas Bouillon

        Activity

        Nicolas Bouillon created issue -
        Hide
        Nicolas Bouillon added a comment -

        Full test case included

        Show
        Nicolas Bouillon added a comment - Full test case included
        Nicolas Bouillon made changes -
        Field Original Value New Value
        Attachment tapestry-secure-test.tar.bz2 [ 12439824 ]
        Hide
        Nicolas Bouillon added a comment -

        Proposed patch against
        http://svn.apache.org/repos/asf/tapestry/tapestry5/tags/releases/5.1.0.5/tapestry-core/src

        DIdn't manage to make the unit test working. (I don't know well TestNG and EasyMock... but anyway without any patch 16 tests failed)

        I've installed the package skipping test and get it working.

        I'm not sure of the part concerning the ComponentEventRequestFilter in TapestryModule.contributeComponentEventRequestHandler. Don't know if i have to pass ComponentEventRequestParameters.getEventContext() or ComponentEventRequestParameters.getPageActivationContext().

        bouil@maggie:~/Documents/workspace/test.tapestry$ curl -kv http://localhost:8080/World

        • About to connect() to localhost port 8080 (#0)
        • Trying ::1... connected
        • Connected to localhost (::1) port 8080 (#0)
          > GET /World HTTP/1.1
          > User-Agent: curl/7.19.5 (i486-pc-linux-gnu) libcurl/7.19.5 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.15
          > Host: localhost:8080
          > Accept: /
          >
          < HTTP/1.1 302 Found
          < Location: https://localhost:8443/World
          < Content-Length: 0
          < Server: Jetty(6.1.10)
          <
        • Connection #0 to host localhost left intact
        • Closing connection #0
        Show
        Nicolas Bouillon added a comment - Proposed patch against http://svn.apache.org/repos/asf/tapestry/tapestry5/tags/releases/5.1.0.5/tapestry-core/src DIdn't manage to make the unit test working. (I don't know well TestNG and EasyMock... but anyway without any patch 16 tests failed) I've installed the package skipping test and get it working. I'm not sure of the part concerning the ComponentEventRequestFilter in TapestryModule.contributeComponentEventRequestHandler. Don't know if i have to pass ComponentEventRequestParameters.getEventContext() or ComponentEventRequestParameters.getPageActivationContext(). bouil@maggie:~/Documents/workspace/test.tapestry$ curl -kv http://localhost:8080/World About to connect() to localhost port 8080 (#0) Trying ::1... connected Connected to localhost (::1) port 8080 (#0) > GET /World HTTP/1.1 > User-Agent: curl/7.19.5 (i486-pc-linux-gnu) libcurl/7.19.5 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.15 > Host: localhost:8080 > Accept: / > < HTTP/1.1 302 Found < Location: https://localhost:8443/World < Content-Length: 0 < Server: Jetty(6.1.10) < Connection #0 to host localhost left intact Closing connection #0
        Nicolas Bouillon made changes -
        Attachment secure_redirect_context.patch [ 12439828 ]
        Andreas Andreou made changes -
        Project Tapestry [ 10573 ] Tapestry 5 [ 12310833 ]
        Key TAPESTRY-2763 TAP5-1080
        Affects Version/s 5.1 [ 12313499 ]
        Affects Version/s 5.1 [ 12312964 ]
        Component/s tapestry-core [ 12312470 ]
        Component/s tapestry-core [ 12311285 ]
        Andreas Andreou made changes -
        Affects Version/s 5.1.0.5 [ 12313913 ]
        Affects Version/s 5.1 [ 12313499 ]
        Ulrich Stärk made changes -
        Assignee Ulrich Stärk [ ulrich.staerk ]
        Ulrich Stärk made changes -
        Original Estimate 0h [ 0 ]
        Remaining Estimate 0h [ 0 ]
        Fix Version/s 5.2.0 [ 12314122 ]
        Affects Version/s 5.2 [ 12313900 ]
        Ulrich Stärk made changes -
        Status Open [ 1 ] Closed [ 6 ]
        Resolution Fixed [ 1 ]
        Howard M. Lewis Ship made changes -
        Summary Context info is lost when @Secure redirects from http to https Page activation context lost when redirecting from HTTP to HTTPS due to the @Secure annotation

          People

          • Assignee:
            Ulrich Stärk
            Reporter:
            Nicolas Bouillon
          • Votes:
            1 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development