I use Spring Boot 1.4.4.RELEASE in my application and my application is been deployed in AWS.
I am trying to have subdomain for each user like,
when user "test" logs in, the url will be test.XXX.com
Here XXX.com is my domain name.
For XXX.com, it works fine.
I recently bought one more domain for testing like XXX-test.com.
But, when an user logs in, I am getting the below exception.
java.lang.IllegalArgumentException: An invalid domain [.XXX-test.com] was specified for this cookie
at org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateDomain(Rfc6265CookieProcessor.java:183)
at org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:125)
at org.apache.catalina.connector.Response.generateCookieString(Response.java:989)
at org.apache.catalina.connector.Response.addSessionCookieInternal(Response.java:959)
at org.apache.catalina.connector.Request.doGetSession(Request.java:3009)
at org.apache.catalina.connector.Request.getSession(Request.java:2367)
at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:896)
at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:231)
at org.springframework.security.web.context.HttpSessionSecurityContextRepository$SaveToSessionResponseWrapper.createNewSessionIfAllowed(HttpSessionSecurityContextRepository.java:427)
at org.springframework.security.web.context.HttpSessionSecurityContextRepository$SaveToSessionResponseWrapper.saveContext(HttpSessionSecurityContextRepository.java:364)
at org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper.onResponseCommitted(SaveContextOnUpdateOrErrorResponseWrapper.java:85)
at org.springframework.security.web.util.OnCommittedResponseWrapper.doOnResponseCommitted(OnCommittedResponseWrapper.java:245)
at org.springframework.security.web.util.OnCommittedResponseWrapper.sendRedirect(OnCommittedResponseWrapper.java:127)
at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:138)
at org.springframework.security.web.util.OnCommittedResponseWrapper.sendRedirect(OnCommittedResponseWrapper.java:128)
at org.springframework.security.web.DefaultRedirectStrategy.sendRedirect(DefaultRedirectStrategy.java:57)
My Spring application.properties,
server.session.cookie.domain=.XXX-test.com
server.session.cookie.path=/
It works fine for other prod env with the below config.
server.session.cookie.domain=.XXX.com
server.session.cookie.path=/
Again, the prod config was deployed and tested few months ago with the spring boot version of 1.3.5.
Is there anything changed or anything missing here? Or, XXX-test.com is an issue?
Thanks,
According to RFC 6265 ( https://www.rfc-editor.org/rfc/rfc6265) starting with a . (dot) character may cause problems.
You could try to fallback to the LegacyCookieProcessor, see: How to change Cookie Processor to LegacyCookieProcessor in tomcat 8 for more info .
If you still have problems please inform us about your TC version.
Related
I realized my first WebApp with Vaadin 14 and deployed it to Tomcat 9 on the production server.
So far everything is working great, but when I'm using a non-existing route in the client browser the system responds with a plain text list of all available routes and shows even the following line on the bottom:
"This detailed message is only shown when running in development mode."
I have created the WAR-file with "-pProduction" and the startup-log of Tomcat does not show any dev-mode-message.
Any ideas what happens here? Thanks for reading my first question on this platform!
I worked my way through the Vaadin docs and tried the following entry in application.properties:
vaadin.productionMode=true
But nothing changed?
This is a known vulnetability CVE-2021-31413 in Vaadin 14.6.1 and older versions. The resolution is to update the Vaadin version to 14.6.2. The latest version is 14.9.1 as of writing this. Naturally I recommend that.
https://vaadin.com/security/cve-2021-31412
I have a spring boot application running on the spring-boot-starter-parent:2.6.1 version and springdoc-openapi-ui:1.2.32. Swagger is working fine locally. The problem comes when I deploy the app inside Kubernetes cluster. That time spring doc open API is automatically redirecting to HTTP(:80) instead of HTTPS. If I remove :80 from the base URL then swagger-ui is coming up. Using the example given here I have changed the generated server URL, so my REST APIs are working fine now. But how to get rid of the :80 port getting appended in the base URL automatically? What is the issue here?
Switching to the latest version of springdoc-openapi-ui:1.6.6 solved the problem.
This is in regards to the sample: msal-web-sample-0.1.0
I am using tomcat 9 and maven to build and run the msal-web-sample code. It is building fine and running, loading spring, etc. I am able to go out and get a username and passowrd login. However, when it tries to return back to my system (https://localhost:8443/msal4jsample/secure/aad) it just has a bit "ERROR PAGE!" heading with Home Page link going back to the main tomcat page.
In the tomcat runtime it has:
2021-06-29 15:28:06.108 ERROR 6360 --- [io-8443-exec-10] o.s.b.w.servlet.support.ErrorPageFilter : Cannot forward to error page for request [/secure/aad] as the response has already been committed. As a result, the response may have the wrong status code. If your application is running on WebSphere Application Server you may be able to resolve this problem by setting com.ibm.ws.webcontainer.invokeFlushAfterService to false
Of course, that doesn't apply to my setup.
I see the get in the logs returning back OK and don't see any errors on startup. I am at a loss as to where to go from here. Any thoughts?
Also, is there a non-spring implementation that can be used with java but still using MSAL?
Thanks
Alan
Please share additional information about the error. Do you have trouble regrading AAD? Check your environmental settings (Tomcat) if this isn't the case.
I have a Spring boot application and i want to host it in my VPS server (cpanel).
I'am using the last version of cpanel & WHM with easyapache 4.
I exactly followed the steps on this website : https://dzone.com/articles/deploying-war-file-in-easy-apache-4-tomcat-experim
But, nothing on the result. I got Error 404 when i access to my domain name.
If anyone can help me on this or anyone done this before could give the exact steps to follow.
Thank you.
I had difficulty with that too, use the link in the attachment that you will have an orientation, but it may be that not everything is 100% the same. If you have any questions during the process, you can contact!
change the name of the .war file to ROOT.war , and follow all the procedures described in the link;
In the "application.properties" file, add the "server.port" configuration for the port you found in the link (step 2, part 1).
ex: server.port=10003
Open the file "ea-tomcat85/logs/catalina.out" to see the errors thrown
link: https://suporte.hostgator.com.br/hc/pt-br/articles/360038980913-Como-configurar-o-Tomcat-
I am deploying the WSO2 Enterprise App Store into EC2 behind an elastic load balancer (ELB) and having some trouble getting things configured properly.
I have configured $INSTALL_PATH/repository/conf/carbon.xml with the proper HostName and MgtHostName of the ELB DNS name and I can get to the front-end of the app store and to the admin console.
I am unable to:
get user registrations working throuth the front end app store
get to the back-office console
The issue appears to be in routing requests to the identity service. I get an error like the following:
You are now being redirected to Identity Server. If the redirection fails, please click on the button below.
I then get a timeout on the redirect to this RFC1918, non-routed, address:
https://10.x.x.x:9443/adminsamlsso
I see no errors in the logs on startup or throughout execution of the application.
How can I configure this application such that all requests are re-routed through the AWS ELB (not the WSO2 load balancer) and not through the direct, local, IP address?
Please modify following configurations as well,
Update the AssertionConsumerService property for all apps(store, publisher, social) within /repository/conf/sso-idp-config.xml
You can find few jaggery apps within /repository/deployment/server/jaggeryapps/ directory. Each app has its own json config file within config directory.
Eg :- for store app /repository/deployment/server/jaggeryapps/store/config/store.json
You have to update the identityProviderURL property within ssoConfiguration in those apps as well.(store, publisher and social)
If you are using ES-1.0.0 It's better if you can move to the latest 1.2.0 M2.
We also faced similar issue and now fixed in the master branch.
If you need to continue with the same 1.0.0 you can get rid of this issue by updating,
<ES_HOME>/repository/deployment/server/jaggeryapps/store/controllers/login.jag, <ES_HOME>/repository/deployment/server/jaggeryapps/publisher/controllers/login.jag
<ES_HOME>/repository/deployment/server/jaggeryapps/store/controllers/logout.jag, <ES_HOME>/repository/deployment/server/jaggeryapps/publisher/controllers/logout.jag
You have to update the postUrl in above four files correctly.
NOW : postUrl = "https://" + process.getProperty('carbon.local.ip') + ":" + process.getProperty('https.port');
It should be something like https://localhost:9443/
At the end post URL should be something like https://localhost:9443/admin/samlsso
<form method="post" action="<%=postUrl%>/admin/samlsso">