I'm having a problem with some of the links on my web application on netbeans. The web app has spring mvc and spring security implemented.
So basically, I have a link on one of the pages
<td colspan="2" align="center">
<h3 align="#center">You can login here.</h3>
</td>
Then when I click "here", I get an error: "Firefox has detected that the server is redirecting the request for this address in a way that will never complete."
The logs are as follows:
14:45:34,255 DEBUG FilterChainProxy:176 - Converted URL to lowercase, from: '/login.jsp'; to: '/login.jsp'
14:45:34,255 DEBUG FilterChainProxy:183 - Candidate is: '/login.jsp'; pattern is /**; matched=true
14:45:34,255 DEBUG FilterChainProxy:351 - /login.jsp at position 1 of 13 in additional filter chain; firing Filter: 'org.springframework.security.web.access.channel.ChannelProcessingFilter#a3d369'
14:45:34,255 DEBUG DefaultFilterInvocationSecurityMetadataSource:178 - Converted URL to lowercase, from: '/login.jsp'; to: '/login.jsp'
14:45:34,255 DEBUG DefaultFilterInvocationSecurityMetadataSource:196 - Candidate is: '/login.jsp'; pattern is /; matched=false
14:45:34,255 DEBUG DefaultFilterInvocationSecurityMetadataSource:196 - Candidate is: '/login.jsp'; pattern is /login.jsp*; matched=true
14:45:34,255 DEBUG ChannelProcessingFilter:101 - Request: FilterInvocation: URL: /login.jsp; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]
14:45:34,255 DEBUG RetryWithHttpsEntryPoint:65 - Redirecting to:
14:45:34,271 DEBUG FilterChainProxy:176 - Converted URL to lowercase, from: '/'; to: '/'
If you notice, my app loses the url. It was able to match the url but then with the RetryWithHttpsEntryPoint, it's redirected to a blank url.
Any suggestions to fix this? Thanks!
this happens when you redirect to different url in your controller .
for eg:
return "redirect:/page";
where "page" is the direct name of page you want to navigate, you should use redirect in case you are redirecting to other mapping in your controller.
instead you should go for
return "/page";
Related
I would need to retrieve data from query headers for use in the GraphQl query controller. I searched around a bit and found the WebGraphQlInterceptor, but realized that when the WebGraphQlRequest argument is invoked it is completely devoid of information.
For example, this code:
#Component
class WebRequestInterceptor : WebGraphQlInterceptor {
val logger: Logger by lazy { LoggerFactory.getLogger(WebRequestInterceptor::class.java) }
override fun intercept(request: WebGraphQlRequest, chain: WebGraphQlInterceptor.Chain): Mono<WebGraphQlResponse> {
logger.info("URI", request.uri.toString())
logger.info("HEADERS", request.headers.toString())
logger.info("DOCUMENT", request.document)
return chain.next(request)
}
}
Returns:
2022-09-12 10:57:11.747 INFO 1 --- [or-http-epoll-1] b.s.b.gateway.auth.WebRequestInterceptor : URI *empty string*
2022-09-12 10:57:11.748 INFO 1 --- [or-http-epoll-1] b.s.b.gateway.auth.WebRequestInterceptor : HEADERS *empty string*
2022-09-12 10:57:11.748 INFO 1 --- [or-http-epoll-1] b.s.b.gateway.auth.WebRequestInterceptor : DOCUMENT *empty string*
P.S. The same thing happens if I try to log a single headers element using the request.headers.getFirst(..) function.
I am trying to implement login with Apple ID in a Spring Boot application. I have it currently working so that I get the Apple login screen, and can authorize access. However, when Apple redirects back to https://example.com/myapp/login/oauth2/apple, I get the following error in my log :
2020-03-10 09:41:32.574 DEBUG 13644 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /login/oauth2/code/apple at position 3 of 16 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2020-03-10 09:41:32.574 DEBUG 13644 --- [nio-8080-exec-5] o.s.security.web.FilterChainProxy : /login/oauth2/code/apple at position 4 of 16 in additional filter chain; firing Filter: 'CsrfFilter'
2020-03-10 09:41:32.575 DEBUG 13644 --- [nio-8080-exec-5] o.s.security.web.csrf.CsrfFilter : Invalid CSRF token found for https://example.com/myapp/login/oauth2/code/apple
How can I make this work properly, without disabling CSRF facilities?
The problem is in the samesite=lax in 'session' cookie. Because of that, previous session related to login is being blocked by browser and new session is being created after Apple redirects to redirectUrl. This happens to all POST requests, since it is security issue and browsers drop cross-domain cookies. In order to resolve this issue, I disabled samesite in chrome and added the following config to my backend:
#Configuration
public class CookieConfiguration {
#Bean
public CookieSerializer cookieSerializer() {
DefaultCookieSerializer serializer = new DefaultCookieSerializer();
serializer.setSameSite("none");
serializer.setUseSecureCookie(true);
return serializer;
}
}
And my csrf config is as following:
.csrf(c -> c
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.ignoringAntMatchers("/login/oauth2/code/apple")
)
At least, this gives me a chance to test my code. I will keep updating if I find how to resolve this in production.
I have a strange issue using Spring mvc: while I'm trying to update one of my resources via PUT, it returns 400 Bad Request for the very same request - but only occasionally.
In Firebug, I use right click "resend" function, so assume all my PUT requests are completely the same.
I also set the log level to ALL for org.springframework.web to find out what's happening on the server side. In case of the response is 200 OK, everything seems fine:
2015-04-10 10:40:20,794 [http-8443-exec-12] TRACE servlet.DispatcherServlet:1048 - Bound request context to thread: SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[ org.apache.catalina.connector.RequestFacade#321fa1b9]]
2015-04-10 10:40:20,795 [http-8443-exec-12] DEBUG servlet.DispatcherServlet:845 - DispatcherServlet with name 'springRestAPI' processing PUT request for [/rest/sites/25]
2015-04-10 10:40:20,796 [http-8443-exec-12] TRACE servlet.DispatcherServlet:1101 - Testing handler map [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping#6c9ddcc4] in DispatcherServlet with name 'springRestAPI'
2015-04-10 10:40:20,796 [http-8443-exec-12] DEBUG annotation.RequestMappingHandlerMapping:297 - Looking up handler method for path /sites/25
2015-04-10 10:40:20,797 [http-8443-exec-12] TRACE annotation.RequestMappingHandlerMapping:335 - Found 1 matching mapping(s) for [/sites/25] : [{[/sites/{siteId}],methods=[PUT],params=[],headers=[],consumes=[],produces=[],custom=[]}]
2015-04-10 10:40:20,797 [http-8443-exec-12] DEBUG annotation.RequestMappingHandlerMapping:302 - Returning handler method [public void something.SiteController.updateSite(long,something.resources.UpdatedSiteResource,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)]
2015-04-10 10:40:20,797 [http-8443-exec-12] TRACE servlet.DispatcherServlet:1141 - Testing handler adapter [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter#5ec2c20d]
2015-04-10 10:40:20,798 [http-8443-exec-12] DEBUG mvc.WebContentInterceptor:146 - Looking up cache seconds for [/sites/25]
2015-04-10 10:40:20,798 [http-8443-exec-12] DEBUG mvc.WebContentInterceptor:158 - Applying default cache seconds to [/sites/25]
2015-04-10 10:40:20,799 [http-8443-exec-12] DEBUG annotation.RequestResponseBodyMethodProcessor:135 - Reading [class something.resources.UpdatedSiteResource] as "application/json;charset=utf-8" using [org.springframework.http.converter.json.MappingJackson2HttpMessageConverter#4de52e6]
2015-04-10 10:40:21,280 [http-8443-exec-12] DEBUG servlet.DispatcherServlet:1018 - Null ModelAndView returned to DispatcherServlet with name 'springRestAPI': assuming HandlerAdapter completed request handling
2015-04-10 10:40:21,281 [http-8443-exec-12] TRACE servlet.DispatcherServlet:1058 - Cleared thread-bound request context: SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[ org.apache.catalina.connector.RequestFacade#321fa1b9]]
2015-04-10 10:40:21,281 [http-8443-exec-12] DEBUG servlet.DispatcherServlet:996 - Successfully completed request
But when the response is 400, there is nothing in the log: it does not even reaches the DispatcherServlet!
Any idea, how to proceed with this?
How can I force sammy.js to recognize a url /Brief to be the same as /brief?
this.get('/brief', function(context) {
console.log("BRIEF");
});
I have my CMS setup to generate lower case urls, however if a user types in a url with a camel case format I get the error:
Tue Mar 19 2013 15:39:31 GMT+1100 (AUS Eastern Daylight Time)] body 404 Not Found get /Brief Error {message: "404 Not Found get /Brief "}
The page still loads fine, but Sammy.js won't activate the module for that route.
You can use a case insensitive regex expression to match any case of alpha characters:
this.get(/\/brief/i, function(context) {
console.log("BRIEF");
});
Grails is so nice to append the parameters sent to console output in the case of an error:
2011-05-23 12:17:05,173 [http-8080-5] ERROR errors.GrailsExceptionResolver - Exception occurred when processing request: [POST] / - parameters:
maps: on
maps: on
maps: on
maps:
_isPublic:
description: test
name: set1
isPublic: on
Stacktrace follows:
...
But how can I tell it to always show me which parameters are sent (like in Rails, for example)?
My current log4j configuration looks as follows:
error 'org.codehaus.groovy.grails.web.servlet', // controllers
'org.codehaus.groovy.grails.web.pages', // GSP
'org.codehaus.groovy.grails.web.sitemesh', // layouts
'org.codehaus.groovy.grails.web.mapping.filter', // URL mapping
'org.codehaus.groovy.grails.web.mapping', // URL mapping
'org.codehaus.groovy.grails.commons', // core / classloading
'org.codehaus.groovy.grails.plugins', // plugins
'org.codehaus.groovy.grails.orm.hibernate', // hibernate integration
'org.springframework',
'org.hibernate',
'net.sf.ehcache.hibernate'
warn 'org.mortbay.log'
I don't believe Grails itself supports logging the request parameters for each request. However, you can easily implement this yourself in a filter:
package com.example
class MyFilters {
private static final log = org.apache.commons.logging.LogFactory.getLog(this)
def filters = {
paramLogger(controller:'*', action:'*') {
before = {
log.debug "request params: $params"
}
}
}
}
Remember to enable debug logging for this filter in `Config.groovy by adding
debug com.example
to the log4j closure
You probably want to get more output from org.codehaus.groovy.grails.web so set that one to a lower level (debug or trace)