Re: POST + 500 + Response returns no content

2017-03-13 Thread Marc Boorshtein 
>
>
>
>
>> E.g. "Transfer-Encoding: chunked" and "Content-Length" are mutually
>> exclusive, cannot be used at the same time, cannot be used more than
>> once. They should not be blindly copied.
>>
>
> Good question on that, I can take a look.  I remove Content-Length from
> the downstream response but I'll also see if removing Transfer-Encoding
> helps.
>
>
>
>>
>>
it looks like we have a winner!  I added Transfer-Encoding to the list of
downstream response headers to ignore and it looks like its working.

Thanks

Re: POST + 500 + Response returns no content

2017-03-13 Thread Marc Boorshtein 
>
>
>
> Status 500 means that some error happened during processing.
>
> Is there anything in the logs? Exceptions?
>
>
The 500 was generated by a downstream Tomcat 8.5.11 server, this one is
just trying to proxy the message.



> Maybe the browser closes the connection by its own decision, without
> reading the response? (Thus a
> org.apache.catalina.connector.ClientAbortException happens. I think it
> may be logged as status 500).
>
>
Usually you get an error on Tomcat when that happens


>
> If I see correctly, ProxyResponse copies the headers from somewhere
> (from a proxied response?).
>
> Are those headers sane and correct?
>
>
They're being proxied from the downstream server which is another tomcat.



> E.g. "Transfer-Encoding: chunked" and "Content-Length" are mutually
> exclusive, cannot be used at the same time, cannot be used more than
> once. They should not be blindly copied.
>

Good question on that, I can take a look.  I remove Content-Length from the
downstream response but I'll also see if removing Transfer-Encoding helps.



>
> The status code is coped from somewhere. Does it have the expected value
> (200)?
>
>
In this case 500 is expected since input didn't pass validation.


> Is the text in those headers (and status message) correct 7-bit
> US-ASCII characters?
>
>
> Can this be tested with a simple browser like Curl or Wget  that can
> log response headers?
> Or a simple raw client (telnet, puTTY).
>
>

i can see the headers in chrome and firefox.  Nothing out of the ordinary.


>
> I do not see anything in changelog for 8.0.40-8.0.41 that could result
> in such change in behaviour. Maybe configurations of the two systems
> are different?
>
>
No changes.  I have a source2image process that builds the docker container
https://github.com/TremoloSecurity/OpenUnisonS2IDocker so when a new
version comes out i just up the version number to get it pulled.


> Make sure that there are no duplicate jars in WEB-INF/lib.
> Sometimes building a project pulls in several copies of the same
> library, and the order of jars in WEB-INF/lib is random and depends on
> version of Java. Thus you won't know what version wins.
>
>
I don't think this is the issue since it happens ONLY on Post+500, not
Post+200



> Do both systems use the same connector type (bio/nio/apr,  ajp/http/https)?
>
>
>
both systems are using the same docker image base so exactly the same
except for the webapp


> Try running WireShark, to inspect network traffic?
> https://www.wireshark.org/


encrypted so not good


>
>
> Try running with a debugger?
> https://wiki.apache.org/tomcat/FAQ/Developing#Debugging
>
>
yes, i have verified that my code is sending the expected data to Tomcat,
Tomcat is not doing anything with that data though.


Thanks
Marc

Re: POST + 500 + Response returns no content

2017-03-13 Thread Marc Boorshtein 
>
>
> I'm working directly with the servlet api.  Whats odd is it worked fine in
> 8.0.39.  The response is set first:
>
>
>
Also, I just verified the issue doesn't occur using undertow 1.3.25

Re: POST + 500 + Response returns no content

2017-03-13 Thread Konstantin Kolinko 
2017-03-12 15:32 GMT+03:00 Marc Boorshtein :
> Mark & Olaf,
>
> I'm working directly with the servlet api.  Whats odd is it worked fine in
> 8.0.39.  The response is set first:
>
> https://github.com/TremoloSecurity/OpenUnison/blob/1.0.9/unison/unison-server-core/src/main/java/com/tremolosecurity/proxy/filter/PostProcess.java
> - lines 110-121
>
> Then I set the cookies and the headers:
>
> https://github.com/TremoloSecurity/OpenUnison/blob/1.0.9/unison/unison-server-core/src/main/java/com/tremolosecurity/proxy/ConfigSys.java
> line 310 -->
> https://github.com/TremoloSecurity/OpenUnison/blob/1.0.9/unison/unison-server-core/src/main/java/com/tremolosecurity/proxy/ProxyResponse.java
> line 205
>
> Finally, I'm writing the actual content:
>
> https://github.com/TremoloSecurity/OpenUnison/blob/1.0.9/unison/unison-server-core/src/main/java/com/tremolosecurity/proxy/ConfigSys.java
> line 316 --> line 515
>
> I setup traces and have verified that the codes are being set properly, the
> response isn't committed until AFTER I write the content but for some
> reason the data isn't going back to the browser (the headers aren't either
> so its not just the content).  The only thing thats sent back is the status
> code.

Status 500 means that some error happened during processing.

Is there anything in the logs? Exceptions?

Maybe the browser closes the connection by its own decision, without
reading the response? (Thus a
org.apache.catalina.connector.ClientAbortException happens. I think it
may be logged as status 500).


If I see correctly, ProxyResponse copies the headers from somewhere
(from a proxied response?).

Are those headers sane and correct?

E.g. "Transfer-Encoding: chunked" and "Content-Length" are mutually
exclusive, cannot be used at the same time, cannot be used more than
once. They should not be blindly copied.

The status code is coped from somewhere. Does it have the expected value (200)?

Is the text in those headers (and status message) correct 7-bit
US-ASCII characters?


Can this be tested with a simple browser like Curl or Wget  that can
log response headers?
Or a simple raw client (telnet, puTTY).


I do not see anything in changelog for 8.0.40-8.0.41 that could result
in such change in behaviour. Maybe configurations of the two systems
are different?

Make sure that there are no duplicate jars in WEB-INF/lib.
Sometimes building a project pulls in several copies of the same
library, and the order of jars in WEB-INF/lib is random and depends on
version of Java. Thus you won't know what version wins.

Do both systems use the same connector type (bio/nio/apr,  ajp/http/https)?


Try running WireShark, to inspect network traffic?
https://www.wireshark.org/

Try running with a debugger?
https://wiki.apache.org/tomcat/FAQ/Developing#Debugging

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: POST + 500 + Response returns no content

2017-03-12 Thread Marc Boorshtein 
Mark & Olaf,

I'm working directly with the servlet api.  Whats odd is it worked fine in
8.0.39.  The response is set first:

https://github.com/TremoloSecurity/OpenUnison/blob/1.0.9/unison/unison-server-core/src/main/java/com/tremolosecurity/proxy/filter/PostProcess.java
- lines 110-121

Then I set the cookies and the headers:

https://github.com/TremoloSecurity/OpenUnison/blob/1.0.9/unison/unison-server-core/src/main/java/com/tremolosecurity/proxy/ConfigSys.java
line 310 -->
https://github.com/TremoloSecurity/OpenUnison/blob/1.0.9/unison/unison-server-core/src/main/java/com/tremolosecurity/proxy/ProxyResponse.java
line 205

Finally, I'm writing the actual content:

https://github.com/TremoloSecurity/OpenUnison/blob/1.0.9/unison/unison-server-core/src/main/java/com/tremolosecurity/proxy/ConfigSys.java
line 316 --> line 515

I setup traces and have verified that the codes are being set properly, the
response isn't committed until AFTER I write the content but for some
reason the data isn't going back to the browser (the headers aren't either
so its not just the content).  The only thing thats sent back is the status
code.

Thanks

>
>
>

Re: POST + 500 + Response returns no content

2017-03-12 Thread Mark Thomas 
On 12 March 2017 05:12:09 GMT+00:00, Marc Boorshtein  
wrote:
>I'm running tomcat 8.0.41 on a CentOS7 Docker container.  Something
>very
>strange is happening.  If I use a GET and return a 200 with JSON
>content
>the data gets back to my browser.  But if I run a POST and return a 500
>with the content being JSON written to response.getOutputStream()
>(including a flush) I get no content getting back to my browser.  I can
>see
>the content being written and on a flush response is setting isCommited
>to
>true.  What am I missing?

How are you setting the response code?

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: POST + 500 + Response returns no content

2017-03-12 Thread Olaf Kock 

Am 12.03.2017 um 06:12 schrieb Marc Boorshtein:
> What am I missing?
>
IMHO:
* A code sample, and if that doesn't uniquely answer the next question:
* Are you working directly on the Servlet API or involve any other
library? (which version?)

Without this, it's hard to give some suggestion with regards to code not
working.

Olaf

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

POST + 500 + Response returns no content

2017-03-11 Thread Marc Boorshtein 
I'm running tomcat 8.0.41 on a CentOS7 Docker container.  Something very
strange is happening.  If I use a GET and return a 200 with JSON content
the data gets back to my browser.  But if I run a POST and return a 500
with the content being JSON written to response.getOutputStream()
(including a flush) I get no content getting back to my browser.  I can see
the content being written and on a flush response is setting isCommited to
true.  What am I missing?

Thanks