Undertow: UNDERTOW-1637

Http-404 is returned when accessing protected application context resource without a trailing slash

      • Use EAP 7.2.5 or later (but issue should be also reproducible on 7.2.4)
      • Have a simple servlet application secured with a "FORM" login auth-method
      • Access the application root context path without a trailing slash (e.g. "https://localhost:8443/context" )
    • Workaround Exists
      Possible workarounds:

      • use JBoss CLI with Undertow rewrite filter or expression-filter, aka:
      /subsystem=undertow/configuration=filter/rewrite=test-rewrite-slash:add(redirect="true",target="%U/")
      /subsystem=undertow/server=default-server/host=default-host/filter-ref=test-rewrite-slash:add(predicate="equals(%R,/context)")
      

      or

      /subsystem=undertow/configuration=filter/expression-filter=app-slash:add(expression="redirect('%U/')")
      /subsystem=undertow/server=default-server/host=default-host/filter-ref=app-slash:add(predicate="method(GET) and regex(pattern=/context, value=%U, full-match=true)")
      
      • modify the login.jsp file to send the POST always inside the context path:
        <form method="post" action="/context/j_security_check" enctype="application/x-www-form-urlencoded">
          Username <input type="text" name="j_username" /><br />
          Password <input type="password" name="j_password" />
          <input type="submit" name="submit" value="Login" />
        </form>
      

      When accessing an application that uses a "FORM" based login auth-method, the app root context path (e.g. "/context") is no longer redirected to the path with a trailing slash (e.g. to "/context/").
      This leads the "j_security_check" to be checked on the URI path "/j_security_check" instead of "/context/j_security_check", hence causing an HTTP 404 Not Found error.
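
The URL resolution behind the 404 and the effect of both workarounds, as an added example that is not part of the original issue or of Undertow. It assumes the original login form used the relative action "j_security_check" and that the login page is rendered at the originally requested URL; the function names are hypothetical.

```javascript
// Added example: reproduces the form-action resolution with the WHATWG URL API.
// Assumption: the unmodified login.jsp used the relative action "j_security_check".
const ORIGIN = "https://localhost:8443";   // host from the issue's example URL
const CONTEXT = "/context";                // context path from the issue

// Where the browser sends the login POST: the form action resolved against
// the URL of the page that rendered the form (RFC 3986 relative resolution).
function postTarget(pageUrl, formAction) {
  return new URL(formAction, pageUrl).pathname;
}

// Mirrors the predicate of the expression-filter workaround:
// method(GET) and regex(pattern=/context, value=%U, full-match=true)
function needsSlashRedirect(method, path, context = CONTEXT) {
  return method === "GET" && path === context;
}

// Follow one GET through the optional redirect, then resolve the form action.
function loginFlow(requestPath, formAction, redirectEnabled) {
  let path = requestPath;
  if (redirectEnabled && needsSlashRedirect("GET", path)) {
    path = path + "/";                     // effect of redirect('%U/')
  }
  const target = postTarget(ORIGIN + path, formAction);
  // The POST only reaches the application if it stays under the context path.
  const insideContext = target.startsWith(CONTEXT + "/");
  return { pagePath: path, target, insideContext };
}

// Constructed cases: the bug, the redirect workaround, the login.jsp workaround.
const cases = [
  ["/context", "j_security_check", false],
  ["/context", "j_security_check", true],
  ["/context", "/context/j_security_check", false],
];
for (const [path, action, redirect] of cases) {
  console.log(path, action, redirect, JSON.stringify(loginFlow(path, action, redirect)));
}
```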

              spyrkob Bartosz Spyrko-Smietanko