Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-12335

Protected JSF page can not be accessed with port 80

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • None
    • 17.0.1.Final
    • JSF
    • Hide

      1. set the EAP to use port 80. and start EAP.

      2. build and deploy reproducer. (reproducer.zip)
      $ mvn clean package wildfly:deploy

      3. access the first xhtml.
      http://<host>/jsfcontroller/aaa/hello.xhtml

      • the port number is omitted because the server uses 80 port.

      4. press "Welcome" button, and it would be failed with JSF1099. reproduced.

      If EAP uses 8080 port, 4 would be succeeded and we can see the next page(welcome.xhtml).

      Show
      1. set the EAP to use port 80. and start EAP. 2. build and deploy reproducer. (reproducer.zip) $ mvn clean package wildfly:deploy 3. access the first xhtml. http://<host>/jsfcontroller/aaa/hello.xhtml the port number is omitted because the server uses 80 port. 4. press "Welcome" button, and it would be failed with JSF1099. reproduced. If EAP uses 8080 port, 4 would be succeeded and we can see the next page(welcome.xhtml).
    • Workaround Exists
    • Hide

      Listen any other port instead of port 80.

      Show
      Listen any other port instead of port 80.

      With the following conditions, the protected xhtml can not be accessed even if the page transition is valid.

      • set <protected-views> for a xthml in faces-config.xml
      • place the xhtml except for the root directory
      • undertow listens port 80

      The request will be failed with following Exception.

      ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /jsfcontroller/aaa/welcome.xhtml: javax.servlet.ServletException: JSF1099: Referer [sic] header value http://localhost/jsfcontroller/aaa/hello.xhtml does not appear to be a protected view. Preventing display of viewId /aaa/welcome.xhtml
      	at javax.faces.webapp.FacesServlet.service(FacesServlet.java:683)
      	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
      	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
      	at io.opentracing.contrib.jaxrs2.server.SpanFinishingFilter.doFilter(SpanFinishingFilter.java:55)
      	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
      	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
      	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
      	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
      	at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
      	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
      	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
      	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
      	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
      	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
      	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
      	at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
      	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
      	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
      	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
      	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
      	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
      	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
      	at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
      	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
      	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
      	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
      	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
      	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
      	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
      	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
      	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:364)
      	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
      	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
      	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
      	at java.lang.Thread.run(Thread.java:748)
      Caused by: javax.faces.application.ProtectedViewException: JSF1099: Referer [sic] header value http://localhost/jsfcontroller/aaa/hello.xhtml does not appear to be a protected view. Preventing display of viewId /aaa/welcome.xhtml
      	at com.sun.faces.lifecycle.RestoreViewPhase.maybeTakeProtectedViewAction(RestoreViewPhase.java:348)
      	at com.sun.faces.lifecycle.RestoreViewPhase.execute(RestoreViewPhase.java:237)
      	at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
      	at com.sun.faces.lifecycle.RestoreViewPhase.doPhase(RestoreViewPhase.java:133)
      	at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:201)
      	at javax.faces.webapp.FacesServlet.service(FacesServlet.java:670)
      	... 46 more
      

              rhn-support-tmiyargi Teresa Miyar Gil (Inactive)
              mstefank Martin Stefanko
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: