Loading...

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Git Pull Request:
https://github.com/picketlink/picketlink-bindings/pull/128
Bugzilla References:
https://bugzilla.redhat.com/show_bug.cgi?id=1282967, https://bugzilla.redhat.com/show_bug.cgi?id=1282969

Description of problem:

If a protected JSP page does a redirect and its the originally requested URL, after the IDP redirects the browser back to the SP and replays the original request an IllegalStateException will be thrown when the JSP attempts the redirect (<c:redirect>):

16:25:52,903 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/employee].[jsp]] (http-/127.0.0.1:8080-1) JBWEB000236: Servlet.service() for servlet jsp threw exception: java.lang.IllegalStateException
at org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:420) [jbossweb-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
at org.apache.taglibs.standard.tag.common.core.RedirectSupport.doEndTag(RedirectSupport.java:152) [jboss-jstl-api_1.2_spec-1.0.6.Final-redhat-1.jar:1.0.6.Final-redhat-1]
at org.apache.jsp.index_jsp._jspx_meth_c_005fredirect_005f0(index_jsp.java:89)
at org.apache.jsp.index_jsp._jspService(index_jsp.java:62)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:69) [jbossweb-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-2.jar:1.0.2.Final-redhat-2]
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:365) [jbossweb-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:309) [jbossweb-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:242) [jbossweb-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-2.jar:1.0.2.Final-redhat-2]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) [jbossweb-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) [jbossweb-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:512) [jbossweb-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.5.4.Final-redhat-4.jar:7.5.4.Final-redhat-4]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150) [jbossweb-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) [jbossweb-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854) [jbossweb-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]

How reproducible:

Modify the employee.war/index.jsp to perform a redirect:

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>

<c:redirect url="/blah.html"/>

Steps to Reproduce:
1. Create the idp and sp security-domains

<security-domain name="idp" cache-type="default">
<authentication>
<login-module code="UsersRoles" flag="required">
<module-option name="usersProperties" value="${jboss.server.config.dir}/users.properties"/>
<module-option name="rolesProperties" value="${jboss.server.config.dir}/roles.properties"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="sp" cache-type="default">
<authentication>
<login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule" flag="required">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module code="UsersRoles" flag="required">
<module-option name="password-stacking" value="useFirstPass"/>
<module-option name="usersProperties" value="${jboss.server.config.dir}/users.properties"/>
<module-option name="rolesProperties" value="${jboss.server.config.dir}/roles.properties"/>
</login-module>
</authentication>
</security-domain>

2. Deploy the idp.war and employee.war
3. Hit http://localhost:8080/employee/

Actual results:

IllegalStateException

Expected results:

Browser should get redirected to http://localhost:8080/employee/blah.html
Additional info:

is incorporated by

JBEAP-3803 PicketLink SP does not redirect back to original URL correctly

Closed

WFLY-6361 PicketLink SP does not redirect back to original URL correctly

Closed

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates