[
https://issues.apache.org/jira/browse/KNOX-913?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15967216#comment-15967216
]
Attila Kanto commented on KNOX-913:
-----------------------------------
[~lmccay] thanks for review, you are right, strangely the '*' does not match
when the port is present, therefore I have attached a new patch which solves
the proble. Patch also contains proper unit tests to cover urls with default
and non-default ports: konx-913.patch_2.
This new patch works for non default and also for default ports.
About the patch: as I saw there is a o.a.h.gateway.util.urltemplate.Matcher
class which is responsible to do the url pattern matching. This Matcher class
is not a generic purpose pattern matching class but it is designed for matching
URLs and every piece of an URL (e.g. scheme, host, port, path, query etc.) have
and implementation in this class. In the attached patch I made the "port"
matching part of Matcher class optional and kept the original syntax in the
rewrite.xml (*:*).
> Invalid login.jsp redirect for Ranger Admin UI
> ----------------------------------------------
>
> Key: KNOX-913
> URL: https://issues.apache.org/jira/browse/KNOX-913
> Project: Apache Knox
> Issue Type: Bug
> Affects Versions: 0.11.0
> Reporter: Attila Kanto
> Assignee: Attila Kanto
> Fix For: 0.13.0
>
> Attachments: gateway_ranger.log, Screen Shot 2017-03-23 at
> 21.58.21.png
>
>
> I do not have an active Ranger session and I open the
> https://my.domain/gateway/mydatal/ranger/ url then I expect that I am
> redirected to https://my.domain/gateway/mydatal/ranger/login.jsp, but Knox
> redirects me to https://my.domain/login.jsp.
> {code}
> 2017-03-24 10:43:27,616 TRACE http.request
> (TraceRequest.java:traceRequestDetails(66)) -
> ||c383e5a3-61dc-4512-841b-f1e83a96e589|Request=GET /gateway/mydatal/ranger/
> Header[Cookie]=RANGERADMINSESSIONID=ABF32454952CA12E81F7B546C7244AD4;
> uluwatu.sid=s%3AcQRDydsJG5LvB19dREn6rBzljUqxbz.3U%2B1fRb8ystsOuPq2jp05rRFlcKX2D%2B3l%2B8pfAfEpPk;
>
> sultans.sid=s%3AO3upEx2Llfo0Z6DT5xoe6Po6IzqCdW.XRDuDKlpdTCRu%2FLvPl90rP1qgPeGkx1ryC5rIbZ7Nhc;
> source=undefined; _ga=GA1.2.630355210.1490351415; _gat=1
>
> Header[Accept]=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
> Header[Upgrade-Insecure-Requests]=1
> Header[User-Agent]=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6)
> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
> Header[X-Forwarded-Host]=local.sequenceiq.com
> Header[X-Forwarded-Proto]=https
> Header[X-Forwarded-For]=192.168.99.1
> Header[Host]=local.sequenceiq.com
> Header[Accept-Encoding]=gzip, deflate, sdch, br
> Header[Accept-Language]=en-US,en;q=0.8,de;q=0.6,hu;q=0.4,tr;q=0.2
> Header[X-Forwarded-Server]=da3bcf70b3e6
> 2017-03-24 10:43:27,867 ERROR hadoop.gateway
> (UrlRewriteProcessor.java:rewrite(169)) - Failed to rewrite URL:
> http://local.sequenceiq.com/login.jsp, direction: OUT via rule:
> RANGERUI/rangerui/outbound/login/headers/location, status: FAILURE
> 2017-03-24 10:43:27,868 TRACE http.response
> (TraceResponse.java:traceResponseDetails(61)) -
> ||c383e5a3-61dc-4512-841b-f1e83a96e589|Response=302
> Header[X-Frame-Options]=DENY
> Header[Server]=Apache-Coyote/1.1
> Header[Date]=Fri, 24 Mar 2017 10:43:27 GMT
> Header[Date]=Fri, 24 Mar 2017 10:43:27 GMT
> Header[Location]=http://local.sequenceiq.com/login.jsp
> {code}
> This bug only occurs when I use the default port 443 is used. As you can see
> in this case the Header[X-Forwarded-Host] is set to local.sequenceiq.com
> without port information.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
