Hi guys,
Could you help me with GlassFish 2.1. GlassFish doesn't permit %3A after any security-constrain added.
Say, add constraint to web.xml
<security-constraint>
<display-name>Restrict raw XHTML Documents</display-name>
<web-resource-collection>
<web-resource-name>XHTML</web-resource-name>
<url-pattern>*.xhtml</url-pattern>
</web-resource-collection>
<auth-constraint />
</security-constraint>
After that try
http://localhost:8080/zz%3A
I believe the url is correct. GlassFish returns HTTP Status 503.
I looked inside sources. Internal cause is
java.lang.IllegalArgumentException: invalid URLPatternSpec
at javax.security.jacc.URLPatternSpec.setURLPatternArray(URLPatternSpec.java:361)
at javax.security.jacc.URLPatternSpec.<init>(URLPatternSpec.java:119)
at javax.security.jacc.WebResourcePermission.<init>(WebResourcePermission.java:176)
at com.sun.web.security.WebSecurityManager.createWebResourcePermission(WebSecurityManager.java:404)
at com.sun.web.security.WebSecurityManager.hasResourcePermission(WebSecurityManager.java:417)
at com.sun.web.security.RealmAdapter.invokeWebSecurityManager(RealmAdapter.java:858)
at com.sun.web.security.RealmAdapter.preAuthenticateCheck(RealmAdapter.java:1123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:633)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:625)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:98)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:222)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1096)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:166)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1096)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:288)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:647)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:579)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:831)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
at com.sun.enterprise.web.portunif.PortUnificationPipeline$PUTask.doTask(PortUnificationPipeline.java:380)
at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
WebSecurityManager passes /zz: and IllegalArgumentException is thrown since URLPatternSpec uses colon symbol as URLPattern delimeter.
GlassFish code is
String uri = (String) httpsr.getAttribute(Globals.CONSTRAINT_URI);
if (uri == null) {
uri = httpsr.getRequestURI();
}
httpsr.getRequestURI() returns /zz%3A. But httpsr.getAttribute(Globals.CONSTRAINT_URI) returns /zz: since org.apache.tomcat.util.http.mapper.Mapper puts decoded requestPath into mappingData.
Why WebSecurityManager passes decoded request path? Is there a workaround?
[Message sent by forum member 'mychka' ]
http://forums.java.net/jive/thread.jspa?messageID=372345