Does this only occur when connecting directly to Tomcat or is it also an issue when going through Apache and mod_jk?

Richard Mixon wrote:

OK - yes, it was lack of sleep that was causing the problem to not appear, I
was starting Tomcat 5.5.9 instead of 5.5.12, sorry :(

The problem is still there. I even took SiteMesh out of the picture, to make
sure it was not the problem (should of done that sooner).

Here are the steps:

1) Request a protected page form my app.
2) My CMA login page pops up, I enter userid and password.
3) This POST is issued when I submit it:
    POST /stars/auth/ j_username=user1&j_password=password1&login=Login
4) HTTPLiveHeaders show all of the GET requests have a user-agent set
  (I've included all 90 lines of them below).
5) My page that appears has the following code:
 <%
 String _userAgent = request.getHeader("user-agent");
 out.write("USER-AGENT="+_userAgent);
 ...
6) And displays the following on my page:
 USER-AGENT=null

Unless someone has other ideas I'm thinking it's a but in 5.5.12 at this
point and will post it to Bugzilla.

Thanks to Mark and others for their help.

- Richard

START OF HTTPLiveHeaders capture from the above POST:

http://smartfish:8080/stars/auth/

POST /stars/auth/ HTTP/1.1
Host: smartfish:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.12)
Gecko/20050915 Firefox/1.0.7
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=
0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://smartfish:8080/stars/HomePage.do
Cookie: JSESSIONID=3F6575A5957AC84BCC60FA878ED092A5.srv1; username=user1
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
j_username=user1&j_password=password1&login=Login
HTTP/1.x 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location:
http://smartfish:8080/stars/j_security_check?j_username=user1&j_password=fbc
e66f99c809283638f344ecb3d50674ea64189
Content-Length: 0
Date: Wed, 12 Oct 2005 16:33:46 GMT
----------------------------------------------------------
http://smartfish:8080/stars/j_security_check?j_username=user1&j_password=fbc
e66f99c809283638f344ecb3d50674ea64189

GET
/stars/j_security_check?j_username=user1&j_password=fbce66f99c809283638f344e
cb3d50674ea64189 HTTP/1.1
Host: smartfish:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.12)
Gecko/20050915 Firefox/1.0.7
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=
0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://smartfish:8080/stars/HomePage.do
Cookie: JSESSIONID=3F6575A5957AC84BCC60FA878ED092A5.srv1; username=user1

HTTP/1.x 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: http://smartfish:8080/stars/HomePage.do
Content-Length: 0
Date: Wed, 12 Oct 2005 16:33:46 GMT
----------------------------------------------------------
http://smartfish:8080/stars/HomePage.do

GET /stars/HomePage.do HTTP/1.1
Host: smartfish:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.12)
Gecko/20050915 Firefox/1.0.7
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=
0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://smartfish:8080/stars/HomePage.do
Cookie: JSESSIONID=3F6575A5957AC84BCC60FA878ED092A5.srv1; username=user1

HTTP/1.x 200 OK
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache,no-store,max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en
Content-Length: 2989
Date: Wed, 12 Oct 2005 16:33:52 GMT
----------------------------------------------------------
http://smartfish:8080/stars/WEB-INF/pages/%3C%=request.getContextPath()%%3E/
images/cm_fill.gif

GET
/stars/WEB-INF/pages/%3C%=request.getContextPath()%%3E/images/cm_fill.gif
HTTP/1.1
Host: smartfish:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.12)
Gecko/20050915 Firefox/1.0.7
Accept: image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://smartfish:8080/stars/HomePage.do
Cookie: JSESSIONID=3F6575A5957AC84BCC60FA878ED092A5.srv1; username=user1

HTTP/1.x 400 Invalid URI
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Date: Wed, 12 Oct 2005 16:33:52 GMT
Connection: close
----------------------------------------------------------




-----Original Message-----
From: Richard Mixon [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 12, 2005 12:45 AM
To: 'Tomcat Users List'
Subject: RE: Tomcat 5.5.12 and user-agent header

Mark,

Thanks - should have thought of that first. Now that I turned on
LiveHTTPHeaders, I cannot get it to fail. I was able to do this consistently
before.

Just to be sure, I'll try again tomorrow morning. Maybe its just late.

Thanks much - Richard

-----Original Message-----
From: Mark Thomas [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 11, 2005 6:14 PM
To: 'Tomcat Users List'; [EMAIL PROTECTED]
Subject: RE: Tomcat 5.5.12 and user-agent header

Have you looked at the headers between Tomcat and your UA? Is your UA
actually sending the UA header? If it is then it looks like a sitemesh
problem from what you have described. There are a range of tools for looking
at headers.
livehttpheaders is good, as is TcpMon which is distributed as part of Axis.

Mark
-----Original Message-----
From: Richard Mixon [mailto:[EMAIL PROTECTED]
Sent: Monday, October 10, 2005 12:00 AM
To: 'Tomcat Users List'
Subject: RE: Tomcat 5.5.12 and user-agent header

Leon,

Thank you for the test - but I still get a null user-agent right after the login. Here is a snippet of my code:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd";>
 <%@ include file="/common/taglibs.jspf"%>
 <%@ page import="com.ltoj.common.Constants" %>
 <html:html locale="true">
 <head>
 <%@ include file="/common/meta.jspf" %>
 <title><decorator:title/></title>
<script type="text/javascript" src="<c:url value='/scripts/environment.js'/>"></script> <script type="text/javascript" src="<c:url value='/scripts/util.js'/>"></script> <script type="text/javascript" src="<c:url value='/scripts/helptip.js'/>"></script> <script type="text/javascript" src="<c:url value='/scripts/tabs.js'/>"></script> <script type="text/javascript" src="<c:url value='/scripts/CalendarPopup.js'/>"></script> <script type="text/javascript" src="<c:url value='/scripts/chartWizard.js'/>"></script> <link rel="stylesheet" type="text/css" media="all" href="<c:url value='/styles/default.css'/>" /> <link rel="stylesheet" type="text/css" media="all" href="<c:url value='/styles/messages.css'/>" /> <link rel="stylesheet" type="text/css" media="all" href="<c:url value='/styles/tabs.css'/>" />
 <decorator:head/>
 <%
 String _userAgent = request.getHeader("user-agent");
out.write("USER-AGENT='"+_userAgent+"'"); ...

Here's the sequence:

1) I issue a request to this page.

2) CMA says "oh, that's protected" and shows my custom login page. I get user-agent displayed fine:
    USER-AGENT='Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US;
rv:1.7.12)
Gecko/20050915 Firefox/1.0.7'

3) But on the next page (the original target page of the request), user-agent shows as null.
    USER-AGENT='null'

I can refresh the page or go to any other page in my application and the user agent is fine again.

The only thing a bit non-standard about this JSP page is that it is a SiteMesh decorator page.

If I run the same test, same pages in Tomcat 5.5.9 I never get user-agent of null.

Our application does check the user-agent header a good bit. We use Select lists with option groups - but some browsers do not support this so we simulate it by indenting the select options ourselves.

Luckily all of this activity happens well after the initial login - so we are safe, now that I changed the decorator to make sure user-agent is not null before doing anything with it.

But it seems other applications might be affected by this - no?

Thanks again - Richard






-----Original Message-----
From: Leon Rosenberg [mailto:[EMAIL PROTECTED]
Sent: Sunday, October 09, 2005 1:45 PM
To: Tomcat Users List; [EMAIL PROTECTED]
Subject: Re: Tomcat 5.5.12 and user-agent header

Hmm, I downloaded 5.5.12 and tried the agent-header specific code with
it:

public void processLogin(User user, HttpServletRequest req, HttpServletResponse res) {
                StringBuffer info = new StringBuffer();
                info.append("login ");
                info.append(user.getUserName());
                info.append(" [");
                info.append(user.getUserId().getPlainPresentation());
                info.append("] ");
                info.append(user.getEmail());
                info.append(" ");
        
info.append(UserHelper.getGenderDescription(user.getGender()));
                info.append(" ");
        
info.append(UserHelper.getStatusDescription(user.getMembership
Status()));
                info.append(" ");
                info.append(req.getRemoteAddr());
                info.append(" / ");
                info.append(req.getRemoteHost());
                info.append(" Agent: ");
                info.append(req.getHeader("user-agent"));
                log.info(info);         
        }

outcome was:

2005-10-08 15:36:50,453 INFO  - login leon [6] [EMAIL PROTECTED] male premium
127.0.0.1 / 127.0.0.1 Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
rv:1.7) Gecko/20040626 Firefox/0.8

which I think was same behaviour as before.

I took tomcat out of the box (5.5.12 tar.gz) and only changed the http port.

regards
leon


On 10/8/05, Richard Mixon <[EMAIL PROTECTED]> wrote:
I am just using the standard HTTP connector. This is on my
development
workstation so I don't normally run JK and Apache, except for final
testing.
On the developer list I did see one mention of user-agent
header, but
on closer inspection it appeared to be for a completely
different issue.
Thanks - Richard

-----Original Message-----
From: news [mailto:[EMAIL PROTECTED] On Behalf Of Bill Barker
Sent: Friday, October 07, 2005 10:13 PM
To: tomcat-user@jakarta.apache.org
Subject: Re: Tomcat 5.5.12 and user-agent header


"Richard Mixon" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
I tested out my application on 5.5.12 yesterday and
noticed one small
anomally. I had a JSP in my sitemesh decorator "default.jsp" that ends up wrapping the login page for container managed authentication. This page had a statement
  String  _userAgent =
request.getHeader("user-agent").toLowerCase();

It gets a null-pointer exception in 5.5.12, but under
5.5.9 it runs
fine.
In
5.5.12, after the login succeeds then the user-agent
headers appear
to be there just fine, but not on the initial login page.

Is this a known issue?

It's certainly not a known issue. It would help a lot if you could tell us which Connector you are using at the time (e.g. HTTP/1.1, HTTP/1.1-APR, AJP/1.3, AJP/1.3-APR).

Thank you - Richard




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


Reply via email to