[ https://issues.apache.org/jira/browse/JENA-2203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17452965#comment-17452965 ]
Andy Seaborne edited comment on JENA-2203 at 12/3/21, 12:15 PM: ---------------------------------------------------------------- Hi [~beaudet] -- thanks for this and thanks for testing 4.3.0. The issue in the purl.org example is that there are two redirects at purl.org for this: first http->https to get https at purl.org , then https->http at otherServer. {{NORMAL}} does not follow the second step because it is "https" to "http" (the difference between {{NORMAL}} and {{ALWAYS}}). We probably should set {{ALWAYS}} for the 4.3 release as it is compatible (JENA-1263). I'd like to understand why the JDK HttpClient has made the choice it has for some security concern. Jena could provide managed https->http redirects itself in some kind of whitelist fashion but that isn't ideal for usability reasons. {{wget -S http://purl.org/iso25964/skos-thes}} ==> (abbreviated) {noformat} --2021-12-03 11:55:33-- http://purl.org/iso25964/skos-thes Connecting to purl.org (purl.org)|207.241.239.242|:80... HTTP request sent, awaiting response... HTTP/1.1 301 Moved Permanently location: https://purl.org/iso25964/skos-thes Location: https://purl.org/iso25964/skos-thes [following] --2021-12-03 11:55:33-- https://purl.org/iso25964/skos-thes Connecting to purl.org (purl.org)|207.241.239.242|:443... connected. HTTP request sent, awaiting response... HTTP/1.1 303 SEE OTHER location: http://pub.tenforce.com/schemas/iso25964/skos-thes Location: http://pub.tenforce.com/schemas/iso25964/skos-thes [following] --2021-12-03 11:55:34-- http://pub.tenforce.com/schemas/iso25964/skos-thes Connecting to pub.tenforce.com (pub.tenforce.com)|185.105.200.57|:80... connected. HTTP request sent, awaiting response... HTTP/1.1 200 OK {noformat} {{HttpClient.Redirect}} => {code:java} /** * Always redirect, except from HTTPS URLs to HTTP URLs. */ NORMAL {code} was (Author: andy.seaborne): Hi [~beaudet] -- thanks for this and thanks for testing 4.3.0. The issue in the purl.org example is that there are two redirects at purl.org for this: first http->https to get https://purl.org/ , then https->http://otherServer/. {{NORMAL}} does not follow the second step because it is "https" to "http" (the difference between {{NORMAL}} and {{ALWAYS}}). We probably should set {{ALWAYS}} for the 4.3 release as it is compatible (JENA-1263). I'd like to understand why the JDK HttpClient has made the choice it has for some security concern. Jena could provide managed https->http redirects itself in some kind of whitelist fashion but that isn't ideal for usability reasons. {{wget -S http://purl.org/iso25964/skos-thes}} ==> (abbreviated) {noformat} --2021-12-03 11:55:33-- http://purl.org/iso25964/skos-thes Connecting to purl.org (purl.org)|207.241.239.242|:80... HTTP request sent, awaiting response... HTTP/1.1 301 Moved Permanently location: https://purl.org/iso25964/skos-thes Location: https://purl.org/iso25964/skos-thes [following] --2021-12-03 11:55:33-- https://purl.org/iso25964/skos-thes Connecting to purl.org (purl.org)|207.241.239.242|:443... connected. HTTP request sent, awaiting response... HTTP/1.1 303 SEE OTHER location: http://pub.tenforce.com/schemas/iso25964/skos-thes Location: http://pub.tenforce.com/schemas/iso25964/skos-thes [following] --2021-12-03 11:55:34-- http://pub.tenforce.com/schemas/iso25964/skos-thes Connecting to pub.tenforce.com (pub.tenforce.com)|185.105.200.57|:80... connected. HTTP request sent, awaiting response... HTTP/1.1 200 OK {noformat} {{HttpClient.Redirect}} => {code:java} /** * Always redirect, except from HTTPS URLs to HTTP URLs. */ NORMAL {code} > 303 redirect issues cropped up again in 4.3 snapshot > ---------------------------------------------------- > > Key: JENA-2203 > URL: https://issues.apache.org/jira/browse/JENA-2203 > Project: Apache Jena > Issue Type: Improvement > Affects Versions: Jena 4.3.0 > Reporter: David Beaudet > Priority: Major > > The same issue noted in #JENA-1263 with 303 redirects not being followed when > loading ontologies seems to have cropped up again in version 4.3.0 and > requires the following workaround in client code: > static { > HttpEnv.setDftHttpClient( > HttpClient.newBuilder() > .connectTimeout(Duration.ofSeconds(10)) > .followRedirects(Redirect.ALWAYS) > .build() > ); > The default builder sets Redirect.NORMAL which, at least in the latest > versions of Java (I'm using OpenJDK 16) doesn't appear to follow 303. > > Can reproduce with the following: > OntModel data = > ModelFactory.createOntologyModel(OntModelSpec.OWL_DL_MEM_RULE_INF); > data.read("http://purl.org/iso25964/skos-thes"); -- This message was sent by Atlassian Jira (v8.20.1#820001)