Loading...

Details

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: PLINK_2.7.0.CR3
Component/s: BASE
Labels:
None

Steps to Reproduce:
Hide

Tested using:

EAP 6.3 CP3 with the onboard PicketLink version

EAP 6.3 CP3 with the 'master' build of picketlink and picketlink-bindings as of 2015-02-26

Deployed a minimal IDP which works fine
Deployed a minimal SP with this structure:
"/plhello" == context

http://myhost:8080/plhello/index.jsp

=> free access, page has links to:

/plhello/p/index2.jsp
/plhello/test/test.jsp

both of those are protected:

<security-constraint>
<display-name>protected</display-name>
<web-resource-collection>
<web-resource-name>test</web-resource-name>
<description/>
<url-pattern>/test/*</url-pattern>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>protected</web-resource-name>
<description/>
<url-pattern>/p/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>JBossAdmin</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description/>
<role-name>JBossAdmin</role-name>
</security-role>

BindingType: REDIRECT

Test 1:
<ServiceURL>http://myhost:8080/plhello/</ServiceURL>

click on "/plhello/p/index2.jsp"
redirect to IDP, successful login
end up on http://myhost:8080/plhello/
instead of "/plhello/p/index2.jsp"
click on either "/plhello/p/index2.jsp" or "/plhello/test/test.jsp"
end up on http://myhost:8080/plhello/
instead of on the desired link

Test 2
<ServiceURL>http://myhost:8080/plhello/p/</ServiceURL>

click on "/plhello/p/index2.jsp"
redirect to IDP, successful login
end up with:
JBWEB000065: HTTP Status 500
logfile:

15:26:47,878 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/plhello].[default]] (http-orac.usersys.redhat.com/10.33.1.182:8080-1) JBWEB000236: Servlet.service() for servlet default threw exception: java.lang.IllegalStateException
at org.apache.catalina.connector.ResponseFacade.sendError(ResponseFacade.java:392) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
at org.apache.catalina.servlets.DefaultServlet.serveResource(DefaultServlet.java:730) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
at org.apache.catalina.servlets.DefaultServlet.doGet(DefaultServlet.java:363) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
at org.apache.catalina.servlets.DefaultServlet.doPost(DefaultServlet.java:399) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:512) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.4.3.Final-redhat-2.jar:7.4.3.Final-redhat-2]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_76]

Manually go back to http://orac.usersys.redhat.com:8080/plhello/
and click on /plhello/p/index2.jsp or /plhello/test/test.jsp
=> correct page is show now.
Show
Tested using: EAP 6.3 CP3 with the onboard PicketLink version EAP 6.3 CP3 with the 'master' build of picketlink and picketlink-bindings as of 2015-02-26 Deployed a minimal IDP which works fine Deployed a minimal SP with this structure: "/plhello" == context http://myhost:8080/plhello/index.jsp => free access, page has links to: /plhello/p/index2.jsp /plhello/test/test.jsp both of those are protected: <security-constraint> <display-name>protected</display-name> <web-resource-collection> <web-resource-name>test</web-resource-name> <description/> <url-pattern>/test/*</url-pattern> </web-resource-collection> <web-resource-collection> <web-resource-name>protected</web-resource-name> <description/> <url-pattern>/p/*</url-pattern> </web-resource-collection> <auth-constraint> <description/> <role-name>JBossAdmin</role-name> </auth-constraint> </security-constraint> <security-role> <description/> <role-name>JBossAdmin</role-name> </security-role> BindingType: REDIRECT Test 1: <ServiceURL> http://myhost:8080/plhello/ </ServiceURL> click on "/plhello/p/index2.jsp" redirect to IDP, successful login end up on http://myhost:8080/plhello/ instead of "/plhello/p/index2.jsp" click on either "/plhello/p/index2.jsp" or "/plhello/test/test.jsp" end up on http://myhost:8080/plhello/ instead of on the desired link Test 2 <ServiceURL> http://myhost:8080/plhello/p/ </ServiceURL> click on "/plhello/p/index2.jsp" redirect to IDP, successful login end up with: JBWEB000065: HTTP Status 500 logfile: 15:26:47,878 ERROR [org.apache.catalina.core.ContainerBase. [jboss.web] . [default-host] . [/plhello] . [default] ] (http-orac.usersys.redhat.com/10.33.1.182:8080-1) JBWEB000236: Servlet.service() for servlet default threw exception: java.lang.IllegalStateException at org.apache.catalina.connector.ResponseFacade.sendError(ResponseFacade.java:392) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1] at org.apache.catalina.servlets.DefaultServlet.serveResource(DefaultServlet.java:730) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1] at org.apache.catalina.servlets.DefaultServlet.doGet(DefaultServlet.java:363) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1] at org.apache.catalina.servlets.DefaultServlet.doPost(DefaultServlet.java:399) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1] at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-1.jar:1.0.2.Final-redhat-1] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:512) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1] at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.4.3.Final-redhat-2.jar:7.4.3.Final-redhat-2] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.4.10.Final-redhat-1.jar:7.4.10.Final-redhat-1] at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_76] Manually go back to http://orac.usersys.redhat.com:8080/plhello/ and click on /plhello/p/index2.jsp or /plhello/test/test.jsp => correct page is show now.
Bugzilla References:
https://bugzilla.redhat.com/show_bug.cgi?id=1196726

Description

Accessing a protected page on a sp application lead to login at the idp (correct) followed by either an HTTP error, or a redirect to the main page of the sp and not to the desired page

After login, the ServiceURL (picketlink.xml) is not redirecting to the desired page

Details

Description

Attachments

Activity

People

Dates