Bug 794462 (JBEPP-1502)

Summary: Gadget Export/Import not working with Proxy that requires security Cookie
Product: [JBoss] JBoss Enterprise Portal Platform 5 Reporter: William Antônio <wsiqueir>
Component: PortalAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: 5.2.0.GACC: theute, wsiqueir
Target Milestone: ---   
Target Release: 5.2.x   
Hardware: Unspecified   
OS: Unspecified   
URL: http://jira.jboss.org/jira/browse/JBEPP-1502
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
JBoss EPP 5.2 Environment with Proxy that requires a security cookie, Apache in front of EPP with mod_jk
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description William Antônio 2012-02-06 11:56:33 UTC
Help Desk Ticket Reference: https://c.na7.visual.force.com/apex/Case_View?id=500A00000090hr4&sfdc.override=1
Steps to Reproduce: To reproduce we will need to have the following environment:

- Apache in front of EPP 5.2 with mod_jk
- Proxy that will check for some cookie;

Then you just need to access EPP through the Apache and see the error when trying to access Export/Import gadget.
Workaround Description: Not tested workaround:

- Get the portal request;
- Create a more elaborate elaborate request;
- Set the cookies from the portal request in our new request;
- Make the request to retrieve the JSON file;
- It should pass the proxy.
project_key: JBEPP

We are having an issue with EPP 5.2 and the Export/Import gadget. We know that this portlet loads stuffs through a REST call to EPP, so we configured proxy, Apache workers, etc, the gadget was supposed to work well, but it is not. We double, triple checked all the configuration, and everything sounds fine. The exclusivity is our proxy and it is explained in next lines.

Our proxy has a requirement to check a cookie to all requests that passes through it. It is a security cookie that checks the authorization of the logged user. The gadget presents an error because it tries to make a request to retrieve JSON data but this request doesn't contain the required cookie. We found that y allowing the "dump request" in JBoss WEB, so we could see that some requests were not preserving the cookies and we also can perfectly use the gadget when we hit JBoss directly.

Digging a little bit in the code, we found the root cause of this error (from Source: .portal/webui/portal/src/main/java/org/exoplatform/portal/webui/application/GadgetUtil.java):


public static String fetchGagdetRpcMetadata(String urlStr)
   {
      String result = null;

      ExoContainer container = ExoContainerContext.getCurrentContainer();
      GadgetRegistryService gadgetService =
         (GadgetRegistryService)container.getComponentInstanceOfType(GadgetRegistryService.class);
      try
      {
         String data = "[{method:\"gadgets.metadata\", id:\"test\", params: {ids:[\""
                   + urlStr + "\"], container:\"default\", language:\""
                   + gadgetService.getLanguage() + "\", country:\"" + gadgetService.getCountry() + "\", view:\"home\"}}]";

         // Send data
         String gadgetServer = getGadgetServerUrl();
         URL url = new URL(gadgetServer + (gadgetServer.endsWith("/") ? "" : "/") + "api/rpc");
         URLConnection conn = url.openConnection();
         conn.setRequestProperty("Content-Type", "application/json");
         conn.setDoOutput(true);
         OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream());
         wr.write(data);
         wr.flush();
         // Get the response
         result = IOUtils.toString(conn.getInputStream(), "UTF-8");
         wr.close();
      }
      catch (IOException ioexc)
      {
         ioexc.printStackTrace();
         return "{}";
      }
      return result;
   }



As you can see it's been opened an URL, and the cookies are dropped in this request, and then we get the error because the proxy will not allow the access to the JSON, but instead it will return a page to the user enter his credentials.


This is the Bug, you need to perform a more elaborate request at this point and include the cookies already present due a previous proxy authentication.

Comment 4 William Antônio 2012-02-17 21:30:53 UTC
After fix this request, we found other issue to retrieve the Application.gadget.xml from url /rest/jcr/repository/portal-system/production/app:gadgets/app:SiteExportImport/app:data/app:resources/Application.gadget.xml

About the issue:

Customer has a proxy in his environment with EPP that requires authentication. This proxy will look for a cookie in all request that pass through it. If the request doesn't have the cookies, the request will be denied.

The problem is that when you access Export/Import gadget, it will try to load some files making an HTTP request. For example:

/rest/jcr/repository/portal-system/production/app:gadgets/app:SiteExportImport/app:data/app:resources/Application.gadget.xml

/eXoGadgetServer/gadgets/js/rpc.js

/eXoGadgetServer/gadgets/api/rpc

But these requests are not including the Cookie required to pass the proxy.

Is there a way to intercept all these requests that EPP do to include the Cookie? What is the best way to do that?