Jess Holle
Wed, 12 Oct 2005 09:58:07 -0700
Richard Mixon wrote:
OK - yes, it was lack of sleep that was causing the problem to not appear, I was starting Tomcat 5.5.9 instead of 5.5.12, sorry :( The problem is still there. I even took SiteMesh out of the picture, to make sure it was not the problem (should of done that sooner). Here are the steps: 1) Request a protected page form my app. 2) My CMA login page pops up, I enter userid and password. 3) This POST is issued when I submit it: POST /stars/auth/ j_username=user1&j_password=password1&login=Login 4) HTTPLiveHeaders show all of the GET requests have a user-agent set (I've included all 90 lines of them below). 5) My page that appears has the following code: <% String _userAgent = request.getHeader("user-agent"); out.write("USER-AGENT="+_userAgent); ... 6) And displays the following on my page: USER-AGENT=null Unless someone has other ideas I'm thinking it's a but in 5.5.12 at this point and will post it to Bugzilla. Thanks to Mark and others for their help. - Richard START OF HTTPLiveHeaders capture from the above POST: http://smartfish:8080/stars/auth/ POST /stars/auth/ HTTP/1.1 Host: smartfish:8080 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q= 0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://smartfish:8080/stars/HomePage.do Cookie: JSESSIONID=3F6575A5957AC84BCC60FA878ED092A5.srv1; username=user1 Content-Type: application/x-www-form-urlencoded Content-Length: 45 j_username=user1&j_password=password1&login=Login HTTP/1.x 302 Moved Temporarily Server: Apache-Coyote/1.1 Location: http://smartfish:8080/stars/j_security_check?j_username=user1&j_password=fbc e66f99c809283638f344ecb3d50674ea64189 Content-Length: 0 Date: Wed, 12 Oct 2005 16:33:46 GMT ---------------------------------------------------------- http://smartfish:8080/stars/j_security_check?j_username=user1&j_password=fbc e66f99c809283638f344ecb3d50674ea64189 GET /stars/j_security_check?j_username=user1&j_password=fbce66f99c809283638f344e cb3d50674ea64189 HTTP/1.1 Host: smartfish:8080 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q= 0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://smartfish:8080/stars/HomePage.do Cookie: JSESSIONID=3F6575A5957AC84BCC60FA878ED092A5.srv1; username=user1 HTTP/1.x 302 Moved Temporarily Server: Apache-Coyote/1.1 Location: http://smartfish:8080/stars/HomePage.do Content-Length: 0 Date: Wed, 12 Oct 2005 16:33:46 GMT ---------------------------------------------------------- http://smartfish:8080/stars/HomePage.do GET /stars/HomePage.do HTTP/1.1 Host: smartfish:8080 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q= 0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://smartfish:8080/stars/HomePage.do Cookie: JSESSIONID=3F6575A5957AC84BCC60FA878ED092A5.srv1; username=user1 HTTP/1.x 200 OK Server: Apache-Coyote/1.1 Pragma: No-cache Cache-Control: no-cache,no-store,max-age=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Content-Type: text/html;charset=UTF-8 Content-Language: en Content-Length: 2989 Date: Wed, 12 Oct 2005 16:33:52 GMT ---------------------------------------------------------- http://smartfish:8080/stars/WEB-INF/pages/%3C%=request.getContextPath()%%3E/ images/cm_fill.gif GET /stars/WEB-INF/pages/%3C%=request.getContextPath()%%3E/images/cm_fill.gif HTTP/1.1 Host: smartfish:8080 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7 Accept: image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://smartfish:8080/stars/HomePage.do Cookie: JSESSIONID=3F6575A5957AC84BCC60FA878ED092A5.srv1; username=user1 HTTP/1.x 400 Invalid URI Server: Apache-Coyote/1.1 Transfer-Encoding: chunked Date: Wed, 12 Oct 2005 16:33:52 GMT Connection: close ---------------------------------------------------------- -----Original Message-----From: Richard Mixon [EMAIL PROTECTED] Sent: Wednesday, October 12, 2005 12:45 AMTo: 'Tomcat Users List' Subject: RE: Tomcat 5.5.12 and user-agent header Mark, Thanks - should have thought of that first. Now that I turned on LiveHTTPHeaders, I cannot get it to fail. I was able to do this consistently before. Just to be sure, I'll try again tomorrow morning. Maybe its just late. Thanks much - Richard -----Original Message----- From: Mark Thomas [EMAIL PROTECTED] Sent: Tuesday, October 11, 2005 6:14 PM To: 'Tomcat Users List'; [EMAIL PROTECTED] Subject: RE: Tomcat 5.5.12 and user-agent header Have you looked at the headers between Tomcat and your UA? Is your UA actually sending the UA header? If it is then it looks like a sitemesh problem from what you have described. There are a range of tools for looking at headers. livehttpheaders is good, as is TcpMon which is distributed as part of Axis.Mark-----Original Message----- From: Richard Mixon [EMAIL PROTECTED] Sent: Monday, October 10, 2005 12:00 AM To: 'Tomcat Users List' Subject: RE: Tomcat 5.5.12 and user-agent header Leon,Thank you for the test - but I still get a null user-agent right after the login. Here is a snippet of my code:<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd";><%@ include file="/common/taglibs.jspf"%> <%@ page import="com.ltoj.common.Constants" %> <html:html locale="true"> <head> <%@ include file="/common/meta.jspf" %> <title><decorator:title/></title><script type="text/javascript" src="<c:url value='/scripts/environment.js'/>"></script> <script type="text/javascript" src="<c:url value='/scripts/util.js'/>"></script> <script type="text/javascript" src="<c:url value='/scripts/helptip.js'/>"></script> <script type="text/javascript" src="<c:url value='/scripts/tabs.js'/>"></script> <script type="text/javascript" src="<c:url value='/scripts/CalendarPopup.js'/>"></script> <script type="text/javascript" src="<c:url value='/scripts/chartWizard.js'/>"></script> <link rel="stylesheet" type="text/css" media="all" href="<c:url value='/styles/default.css'/>" /> <link rel="stylesheet" type="text/css" media="all" href="<c:url value='/styles/messages.css'/>" /> <link rel="stylesheet" type="text/css" media="all" href="<c:url value='/styles/tabs.css'/>" /><decorator:head/> <% String _userAgent = request.getHeader("user-agent");out.write("USER-AGENT='"+_userAgent+"'"); ...Here's the sequence: 1) I issue a request to this page.2) CMA says "oh, that's protected" and shows my custom login page. I get user-agent displayed fine:USER-AGENT='Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7'3) But on the next page (the original target page of the request), user-agent shows as null.USER-AGENT='null'I can refresh the page or go to any other page in my application and the user agent is fine again.The only thing a bit non-standard about this JSP page is that it is a SiteMesh decorator page.If I run the same test, same pages in Tomcat 5.5.9 I never get user-agent of null.Our application does check the user-agent header a good bit. We use Select lists with option groups - but some browsers do not support this so we simulate it by indenting the select options ourselves.Luckily all of this activity happens well after the initial login - so we are safe, now that I changed the decorator to make sure user-agent is not null before doing anything with it.But it seems other applications might be affected by this - no? Thanks again - Richard -----Original Message----- From: Leon Rosenberg [EMAIL PROTECTED] Sent: Sunday, October 09, 2005 1:45 PM To: Tomcat Users List; [EMAIL PROTECTED] Subject: Re: Tomcat 5.5.12 and user-agent header Hmm, I downloaded 5.5.12 and tried the agent-header specific code with it:public void processLogin(User user, HttpServletRequest req, HttpServletResponse res) {StringBuffer info = new StringBuffer(); info.append("login "); info.append(user.getUserName()); info.append(" ["); info.append(user.getUserId().getPlainPresentation()); info.append("] "); info.append(user.getEmail()); info.append(" "); info.append(UserHelper.getGenderDescription(user.getGender())); info.append(" "); info.append(UserHelper.getStatusDescription(user.getMembership Status())); info.append(" "); info.append(req.getRemoteAddr()); info.append(" / "); info.append(req.getRemoteHost()); info.append(" Agent: "); info.append(req.getHeader("user-agent")); log.info(info); } outcome was: 2005-10-08 15:36:50,453 INFO - login leon [6] [EMAIL PROTECTED] male premium127.0.0.1 / 127.0.0.1 Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;rv:1.7) Gecko/20040626 Firefox/0.8 which I think was same behaviour as before.I took tomcat out of the box (5.5.12 tar.gz) and only changed the http port.regards leon On 10/8/05, Richard Mixon <[EMAIL PROTECTED]> wrote:I am just using the standard HTTP connector. This is on mydevelopmentworkstation so I don't normally run JK and Apache, except for finaltesting.On the developer list I did see one mention of user-agentheader, buton closer inspection it appeared to be for a completelydifferent issue.Thanks - Richard -----Original Message----- From: news [EMAIL PROTECTED] On Behalf Of Bill Barker Sent: Friday, October 07, 2005 10:13 PM To: tomcat-user@jakarta.apache.org Subject: Re: Tomcat 5.5.12 and user-agent header"Richard Mixon" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]I tested out my application on 5.5.12 yesterday andnoticed one smallanomally. I had a JSP in my sitemesh decorator "default.jsp" that ends up wrapping the login page for container managed authentication. This page had a statementString _userAgent = request.getHeader("user-agent").toLowerCase(); It gets a null-pointer exception in 5.5.12, but under5.5.9 it runs fine.In 5.5.12, after the login succeeds then the user-agentheaders appearIt's certainly not a known issue. It would help a lot if you could tell us which Connector you are using at the time (e.g. HTTP/1.1, HTTP/1.1-APR, AJP/1.3, AJP/1.3-APR).to be there just fine, but not on the initial login page. Is this a known issue?Thank you - Richard---------------------------------------------------------------------To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]---------------------------------------------------------------------To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]