Issue Type: Bug
Affects Versions: 2.4.0
Assignee: Andrea Aime
Components: Security
Created: 07/Oct/13 10:22 AM
Description:

snippet for GeoServer 2.0 (btw 2.2 is the same):

bart-van-den-eijndens-macbook-pro:gxp bartvde$ curl --data 'username=admin&password=xxxx' "http://suite.opengeo.org/geoserver/j_spring_security_check" --verbose

* About to connect() to suite.opengeo.org port 80 (#0)
* Trying 184.154.70.215...
* connected
* Connected to suite.opengeo.org (184.154.70.215) port 80 (#0)
> POST /geoserver/j_spring_security_check HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8y zlib/1.2.5
> Host: suite.opengeo.org
> Accept: */*
> Content-Length: 29
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 29 out of 29 bytes
* HTTP 1.0, assume close after body
< HTTP/1.0 302 Moved Temporarily
< Date: Thu, 03 Oct 2013 21:06:50 GMT
< Server: Apache-Coyote/1.1
< Location: http://suite.opengeo.org/geoserver/web
< Content-Length: 0
< Set-Cookie: JSESSIONID=161D8384AAB1D71F27DD49716A86419E; Path=/geoserver
< Content-Type: text/plain
< X-Cache: MISS from localhost
< X-Cache-Lookup: MISS from localhost:3128
< Via: 1.0 suite.opengeo.org, 1.1 localhost:3128 (squid/2.7.STABLE9)
< Connection: close
<
* Closing connection #0

So basically the 302 response used to have the Set-Cookie header, but not anymore.

GeoServer 2.4, without -L:

bart-van-den-eijndens-macbook-pro:gxp bartvde$ curl --data "username=admin&password=geoserver" "http://localhost:8080/geoserver/j_spring_security_check" --verbose

* About to connect() to localhost port 8080 (#0)
* Trying ::1...
* connected
* Connected to localhost (::1) port 8080 (#0)
> POST /geoserver/j_spring_security_check HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8y zlib/1.2.5
> Host: localhost:8080
> Accept: */*
> Content-Length: 33
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 33 out of 33 bytes
< HTTP/1.1 302 Found
< Location: http://localhost:8080/geoserver/web
< Content-Length: 0
< Server: Jetty(6.1.8)
<
* Connection #0 to host localhost left intact
* Closing connection #0

GeoServer 2.4 with -L:

bart-van-den-eijndens-macbook-pro:gxp bartvde$ curl --data "username=admin&password=geoserver" "http://localhost:8080/geoserver/j_spring_security_check" --verbose -L

* About to connect() to localhost port 8080 (#0)
* Trying ::1...
* connected
* Connected to localhost (::1) port 8080 (#0)
> POST /geoserver/j_spring_security_check HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8y zlib/1.2.5
> Host: localhost:8080
> Accept: */*
> Content-Length: 33
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 33 out of 33 bytes
< HTTP/1.1 302 Found
< Location: http://localhost:8080/geoserver/web
< Content-Length: 0
< Server: Jetty(6.1.8)
<
* Connection #0 to host localhost left intact
* Issue another request to this URL: 'http://localhost:8080/geoserver/web'
* Violate RFC 2616/10.3.3 and switch from POST to GET
* Re-using existing connection! (#0) with host (nil)
* Connected to (nil) (::1) port 8080 (#0)
> GET /geoserver/web HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8y zlib/1.2.5
> Host: localhost:8080
> Accept: */*
>
< HTTP/1.1 302 Found
< Location: http://localhost:8080/geoserver/web/;jsessionid=1wqm9pg9ek33w
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Set-Cookie: JSESSIONID=1wqm9pg9ek33w;Path=/geoserver
< Content-Length: 0
< Server: Jetty(6.1.8)
<
* Connection #0 to host (nil) left intact
* Issue another request to this URL: 'http://localhost:8080/geoserver/web/;jsessionid=1wqm9pg9ek33w'
* Re-using existing connection! (#0) with host (nil)
* Connected to (nil) (::1) port 8080 (#0)
> GET /geoserver/web/;jsessionid=1wqm9pg9ek33w HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8y zlib/1.2.5
> Host: localhost:8080
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html; charset=utf-8
< Content-Language: en-US
< Pragma: no-cache
< Cache-Control: no-cache, max-age=0, must-revalidate, no-store
< Content-Length: 7899
< Server: Jetty(6.1.8)
<
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
Project: GeoServer
Priority: Major
Reporter: Bart van den Eijnden
This message is automatically generated by JIRA.
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
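
Added example, not part of the original report or of GeoServer's code: a small parser for `curl --verbose` transcripts that reports which hop of the redirect chain issues `JSESSIONID` and whether the session id also appears in a redirect URL, run over abridged copies of the 2.0 and 2.4 transcripts above. The function names are hypothetical, and hop 0 is assumed to be the login POST.

```python
import re
# Abridged from the GeoServer 2.0 and 2.4 (-L) transcripts in the report above.
GS_20 = """\
> POST /geoserver/j_spring_security_check HTTP/1.1
< HTTP/1.0 302 Moved Temporarily
< Location: http://suite.opengeo.org/geoserver/web
< Set-Cookie: JSESSIONID=161D8384AAB1D71F27DD49716A86419E; Path=/geoserver
"""
GS_24 = """\
> POST /geoserver/j_spring_security_check HTTP/1.1
< HTTP/1.1 302 Found
< Location: http://localhost:8080/geoserver/web
> GET /geoserver/web HTTP/1.1
< HTTP/1.1 302 Found
< Location: http://localhost:8080/geoserver/web/;jsessionid=1wqm9pg9ek33w
< Set-Cookie: JSESSIONID=1wqm9pg9ek33w;Path=/geoserver
> GET /geoserver/web/;jsessionid=1wqm9pg9ek33w HTTP/1.1
< HTTP/1.1 200 OK
"""

def parse_hops(transcript):
    """Split curl --verbose output into one dict per request/response pair."""
    hops = []
    for line in (raw.strip() for raw in transcript.splitlines()):
        req = re.match(r"> ([A-Z]+) (\S+) HTTP/", line)
        if req:  # a request line opens a new hop; request headers are skipped
            hops.append({"method": req.group(1), "path": req.group(2),
                         "status": None, "headers": {}})
        elif line.startswith("< ") and hops:
            status = re.match(r"< HTTP/\d\.\d (\d{3})", line)
            if status:
                hops[-1]["status"] = int(status.group(1))
            elif ":" in line:  # response header; a repeated name keeps the last value
                name, value = line[2:].split(":", 1)
                hops[-1]["headers"][name.strip().lower()] = value.strip()
    return hops

def session_report(transcript):
    """Report which hop issues JSESSIONID; hop 0 is assumed to be the login POST."""
    hops = parse_hops(transcript)
    cookie_hop = next((i for i, h in enumerate(hops)
                       if h["headers"].get("set-cookie", "").startswith("JSESSIONID=")), None)
    in_url = [i for i, h in enumerate(hops)
              if ";jsessionid=" in h["headers"].get("location", "").lower()]
    return {"hops": len(hops), "login_sets_cookie": cookie_hop == 0,
            "cookie_hop": cookie_hop, "session_id_in_redirect_url": in_url}

if __name__ == "__main__":
    print(session_report(GS_20), session_report(GS_24))
```

Feeding it a full saved transcript works as well, since lines that are neither a request line nor a `< ` response line are ignored.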