The following errors are thrown when rendering a gadget in EPP 5.2.

    2012-04-16 14:52:48,007 INFO [org.apache.shindig.auth.AuthenticationServletFilter] (ajp-10.177.43.74-8009-1) Malformed security token root:john:appid:cont:url:0
    org.apache.shindig.auth.SecurityTokenException: Invalid security token root:john:appid:cont:url:0

After further troubleshooting, we realized this issue is caused by a redirect rule from http to https configured on the F5 Bigip device.

We've checked the source file org.exoplatform.portal.webui.application.GadgetUtil.java:

    URL url = new URL(gadgetServer + (gadgetServer.endsWith("/") ? "" : "/") + "metadata");
    URLConnection conn = url.openConnection();
    conn.setDoOutput(true);
    OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream());
    wr.write(data);
    wr.flush();
    // Get the response
    result = IOUtils.toString(conn.getInputStream(), "UTF-8");
    wr.close();

It appears that the URLConnection can't follow the redirection [1]. Can we make our code able to handle the redirect situation?

[1] http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4620571
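Added example (not part of the original report and not EPP or Shindig code): `HttpURLConnection` never follows a redirect that changes protocol, so a client that has to survive an http-to-https rule must follow redirects itself. This version assumes Java 9+ and uses hypothetical names (`RedirectAwarePost`, `post`, and the `/old` and `/new` paths of a constructed local server); it re-sends the POST body only to the same host and never from https down to http.

```java
import com.sun.net.httpserver.HttpServer;
import java.io.*;
import java.net.*;
public class RedirectAwarePost {
    // Hypothetical helper: POST data and follow redirects by hand, checking each hop.
    static String post(URL url, String data, int maxHops) throws IOException {
        for (int hop = 0; hop <= maxHops; hop++) {
            HttpURLConnection conn = (HttpURLConnection) url.openConnection();
            conn.setInstanceFollowRedirects(false); // decide per hop ourselves
            conn.setRequestMethod("POST");
            conn.setDoOutput(true);
            try (OutputStream out = conn.getOutputStream()) { out.write(data.getBytes("UTF-8")); }
            int status = conn.getResponseCode();
            // Assumption: 301/302/307/308 all mean "repeat the POST at Location".
            if (status != 301 && status != 302 && status != 307 && status != 308) {
                try (InputStream in = conn.getInputStream()) {
                    return new String(in.readAllBytes(), "UTF-8");
                }
            }
            String location = conn.getHeaderField("Location");
            if (location == null) throw new IOException("redirect without Location");
            URL next = new URL(url, location); // resolves relative targets
            // Re-send the body only to the same host, and never from https down to http.
            boolean downgrade = url.getProtocol().equals("https") && !next.getProtocol().equals("https");
            if (downgrade || !next.getHost().equalsIgnoreCase(url.getHost()))
                throw new IOException("refusing redirect to " + next);
            url = next;
        }
        throw new IOException("too many redirects");
    }

    public static void main(String[] args) throws Exception {
        // Constructed local server and request body, standing in for a redirecting gadget server.
        HttpServer server = HttpServer.create(new InetSocketAddress("localhost", 0), 0);
        server.createContext("/old", ex -> {
            ex.getResponseHeaders().add("Location", "/new");
            ex.sendResponseHeaders(302, -1);
            ex.close();
        });
        server.createContext("/new", ex -> {
            byte[] body = ex.getRequestBody().readAllBytes();
            ex.sendResponseHeaders(200, body.length);
            try (OutputStream out = ex.getResponseBody()) { out.write(body); }
        });
        server.start();
        URL start = new URL("http://localhost:" + server.getAddress().getPort() + "/old");
        System.out.println(post(start, "{\"gadgets\":[]}", 3));
        server.stop(0);
    }
}
```

The hop limit and the same-host check keep a misconfigured or hostile redirect from bouncing the request body to an unintended destination.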
Do we already have a way to reproduce without F5 setup?
We can't exactly reproduce the issue without F5 setup.

Here is what I did:

1) create a filter with the following code:

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
    {
        HttpServletResponse httpResp = (HttpServletResponse) response;
        httpResp.sendRedirect("/eXoGadgetServer/gadgets/redirectapirpc/");
        return;
    }

2) add this filter as the last one in the filter chain in eXoGadgetServer.war/WEB-INF/web.xml:

    <filter>
        <filter-name>myRedirectFilter</filter-name>
        <filter-class>com.redhat.jboss.web.util.filter.RedirectFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>myRedirectFilter</filter-name>
        <url-pattern>/gadgets/api/rpc</url-pattern>
    </filter-mapping>

3) replace every instance of the url-pattern "/gadgets/api/rpc/*" in web.xml with "/gadgets/redirectapirpc/*" (for the JsonRpcServlet servlet mapping and all relevant filter mappings)

Now I'm getting error:

    java.io.IOException: Server returned HTTP response code: 400 for URL: http://localhost:8080/eXoGadgetServer/gadgets/redirectapirpc

It indicates that the redirection is not honored by the code.
(In reply to comment #2)
> We can't exactly reproduce the issue without F5 setup.
>
> Here is what I did:
>
> 1) create a filter with the following code:
> public void doFilter(ServletRequest request, ServletResponse response,
> FilterChain chain) throws IOException, ServletException
> {
>     HttpServletResponse httpResp = (HttpServletResponse) response;
>     httpResp.sendRedirect("/eXoGadgetServer/gadgets/redirectapirpc/");
>     return;
> }
>
> 2) add this filter as the last one in the filter chain in

Actually, it should be adding this filter as the first one in the filter chain.

> eXoGadgetServer.war/WEB-INF/web.xml:
> <filter>
>     <filter-name>myRedirectFilter</filter-name>
>     <filter-class>com.redhat.jboss.web.util.filter.RedirectFilter</filter-class>
> </filter>
>
> <filter-mapping>
>     <filter-name>myRedirectFilter</filter-name>
>     <url-pattern>/gadgets/api/rpc</url-pattern>
> </filter-mapping>
>
> 3) replace every instance of the url-pattern "/gadgets/api/rpc/*" in web.xml
> with "/gadgets/redirectapirpc/*" (for the JsonRpcServlet servlet mapping and
> all relevant filter mappings)
>
> Now I'm getting error:
>
> java.io.IOException: Server returned HTTP response code: 400 for URL:
> http://localhost:8080/eXoGadgetServer/gadgets/redirectapirpc
>
> It indicates that the redirection is not honored by the code.
I'm able to reproduce the exact error in my test case now. In my previous attempts, I tested the import/export gadget. In this test I used the dashboard to launch the calculator gadget provided by EPP. I'm receiving the error message:

    2012-05-08 15:43:30,895 INFO [org.apache.shindig.auth.AuthenticationServletFilter] (http-0.0.0.0-8080-2) Malformed security token root:john:appid:cont:url:0
    org.apache.shindig.auth.SecurityTokenException: Invalid security token root:john:appid:cont:url:0
        at org.apache.shindig.auth.BlobCrypterSecurityTokenCodec.createToken(BlobCrypterSecurityTokenCodec.java:106)
        at org.apache.shindig.auth.DefaultSecurityTokenCodec.createToken(DefaultSecurityTokenCodec.java:68)
        at org.apache.shindig.auth.UrlParameterAuthenticationHandler.getSecurityTokenFromRequest(UrlParameterAuthenticationHandler.java:56)
        at org.apache.shindig.auth.AuthenticationServletFilter.doFilter(AuthenticationServletFilter.java:84)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.shindig.common.servlet.HostFilter.doFilter(HostFilter.java:44)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:183)
        at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95)
        at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
        at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.jboss.web.valves.GadgetCookie.invoke(GadgetCookie.java:27)
        at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:599)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451)
        at java.lang.Thread.run(Thread.java:662)

Please note that the redirection fails with the shindig authentication servlet just as mentioned in the javadoc [1]:

"When output streaming is enabled, authentication and redirection cannot be handled automatically."

I believe the redirection works fine with a normal servlet situation. But it fails with shindig which requires some kind of authentication.

[1] http://docs.oracle.com/javase/6/docs/api/java/net/HttpURLConnection.html#setChunkedStreamingMode
Created attachment 583073: eXoGadgetServer.war servlet filter
I've uploaded the servlet filter used in my test. To use it, just place it under eXoGadgetServer.war/WEB-INF/lib and configure it as mentioned in comment #2 as the very first in the filter chain in eXoGadgetServer.war/WEB-INF/web.xml.
We won't be able to fix for 5.2.2ER01. More likely 5.2.2.ER02, but I'm setting GA for now as it is the only currently available option in BZ.
I'm not able to replicate the environment and still not able to find out what's wrong with the resources links.