Hi,
I fixed it. That was easy.
It is still recommended not to send any output in any previous components.
It is a quite typical use case that a component checks the credentials
and returns DECLINED. But when doing it, it is recommended not to send
output. It still may break things. Think if ouy try to send pdf
documents and some auth component prepend some line feeds, the pdf is
broken. That was exactly a problem we had once.
I suggest to put a '%' on each empty line to suppress output. A '%'
marks the line as C++ without generating content:
<%pre>
#include <...>
...
</%pre>
%
%
<%cpp>
...
if (authorized)
return DECLINED;
else
throw tnt::HttpError(403);
</%cpp>
Note that line feed after the </%pre> is suppressed from ecpp. This is a
special feature. Otherwise you must say:
</%pre><%cpp>
This is also documented in the man page ecpp(7).
Btw. you may want to use "reply.notAuthorized" instead:
<%cpp>
...
if (!authorized)
return reply.notAuthorized("some realm");
return DECLINED;
</%cpp>
It is more clear, what is meant and sets the proper realm in the http reply.
And there is also a constant for 403: tnt::HTTP_FORBIDDEN.
I just see, that reply.notAuthorized uses 401: tnt::HTTP_UNAUTHORIZED. I
don't exactly know, if you need 403 instead.
Tommi
Am 25.06.2014 20:46, schrieb Tommi Mäkitalo:
> Hi,
>
> I know, that this is a problem. The static@tntnet componet expects to
> generate the full reply and sets the content size to the size of the
> file. It is optimized so that it bypass the normal ostringstream, which
> is normally used for output.
>
> But when I think again there is already a method
> "reply.getContentSize()" which returns the size of the content so far.
> This helps fixing the problem. I will take a look at it.
>
> Tommi
>
> Am 24.06.2014 15:11, schrieb Joeri Exelmans:
>> Hi,
>>
>> I think I've found a bug in the static component.
>>
>> Suppose we have the following tntnet.xml:
>>
>> ------------------------------------------------
>> <mapurl>
>> <url>^/$</url>
>> <target>check_if_authorized@my_fancy_library</target>
>> </mapurl>
>> <mapurl>
>> <url>^/$</url>
>> <target>static@tntnet</target>
>> <pathinfo>index.html</pathinfo>
>> </mapurl>
>> ------------------------------------------------
>>
>> And we have check_if_authorized.ecpp:
>>
>> ------------------------------------------------
>> <%pre>
>> #include <...>
>> ...
>> </%pre>
>>
>>
>> <%cpp>
>> ...
>> if (authorized)
>> return DECLINED;
>> else
>> throw tnt::HttpError(403);
>> </%cpp>
>> ------------------------------------------------
>> (note the 2 newlines between </%pre> and <%cpp>
>>
>> Now, if we visit the path '/' on the server, this causes the code in
>> check_if_authorized@my_fancy_library to be executed first, inserting 2
>> newlines in the response. Because 'check_if_authorized' returns
>> DECLINED, static@tntnet takes over and appends 'index.html' to the
>> response. The response now contains 2 newlines followed by the contents
>> of 'index.html'. However, in the response, the last 2 characters of
>> 'index.html' are missing.
>>
>> This probably has to do with line 373 of
>> /tntnet-2.2.1/framework/defcomp/static.cpp
>>
>> reply.setContentLengthHeader(count);
>>
>> This has to be replaced by
>>
>> reply.setContentLengthHeader(reply.getContentLengthHeader() + count);
>>
>> Or maybe it's even better if responses from the static component "clear"
>> all stuff that was previously written to reply.out() by other components.
>>
>> In my case, this 'bug' was easily worked around by not letting
>> check_if_authorized insert newlines in the response. But still, I had a
>> lot of trouble finding out the cause of these 'missing characters' at
>> the end of responses. Could maybe cause trouble for other people as well...
>>
>> Have a nice day,
>> Joeri
>>
>> ------------------------------------------------------------------------------
>> Open source business process management suite built on Java and Eclipse
>> Turn processes into business applications with Bonita BPM Community Edition
>> Quickly connect people, data, and systems into organized workflows
>> Winner of BOSSIE, CODIE, OW2 and Gartner awards
>> http://p.sf.net/sfu/Bonitasoft
>> _______________________________________________
>> Tntnet-general mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/tntnet-general
>
> ------------------------------------------------------------------------------
> Open source business process management suite built on Java and Eclipse
> Turn processes into business applications with Bonita BPM Community Edition
> Quickly connect people, data, and systems into organized workflows
> Winner of BOSSIE, CODIE, OW2 and Gartner awards
> http://p.sf.net/sfu/Bonitasoft
> _______________________________________________
> Tntnet-general mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/tntnet-general
------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft
_______________________________________________
Tntnet-general mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/tntnet-general
