OK - yes, it was lack of sleep that was causing the problem to not appear, I
was starting Tomcat 5.5.9 instead of 5.5.12, sorry :(
The problem is still there. I even took SiteMesh out of the picture, to make
sure it was not the problem (should of done that sooner).
Here are the steps:
1) Request a protected page form my app.
2) My CMA login page pops up, I enter userid and password.
3) This POST is issued when I submit it:
POST /stars/auth/ j_username=user1&j_password=password1&login=Login
4) HTTPLiveHeaders show all of the GET requests have a user-agent set
(I've included all 90 lines of them below).
5) My page that appears has the following code:
<%
String _userAgent = request.getHeader("user-agent");
out.write("USER-AGENT="+_userAgent);
...
6) And displays the following on my page:
USER-AGENT=null
Unless someone has other ideas I'm thinking it's a but in 5.5.12 at this
point and will post it to Bugzilla.
Thanks to Mark and others for their help.
- Richard
START OF HTTPLiveHeaders capture from the above POST:
http://smartfish:8080/stars/auth/
POST /stars/auth/ HTTP/1.1
Host: smartfish:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.12)
Gecko/20050915 Firefox/1.0.7
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=
0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://smartfish:8080/stars/HomePage.do
Cookie: JSESSIONID=3F6575A5957AC84BCC60FA878ED092A5.srv1; username=user1
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
j_username=user1&j_password=password1&login=Login
HTTP/1.x 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location:
http://smartfish:8080/stars/j_security_check?j_username=user1&j_password=fbc
e66f99c809283638f344ecb3d50674ea64189
Content-Length: 0
Date: Wed, 12 Oct 2005 16:33:46 GMT
----------------------------------------------------------
http://smartfish:8080/stars/j_security_check?j_username=user1&j_password=fbc
e66f99c809283638f344ecb3d50674ea64189
GET
/stars/j_security_check?j_username=user1&j_password=fbce66f99c809283638f344e
cb3d50674ea64189 HTTP/1.1
Host: smartfish:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.12)
Gecko/20050915 Firefox/1.0.7
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=
0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://smartfish:8080/stars/HomePage.do
Cookie: JSESSIONID=3F6575A5957AC84BCC60FA878ED092A5.srv1; username=user1
HTTP/1.x 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: http://smartfish:8080/stars/HomePage.do
Content-Length: 0
Date: Wed, 12 Oct 2005 16:33:46 GMT
----------------------------------------------------------
http://smartfish:8080/stars/HomePage.do
GET /stars/HomePage.do HTTP/1.1
Host: smartfish:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.12)
Gecko/20050915 Firefox/1.0.7
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=
0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://smartfish:8080/stars/HomePage.do
Cookie: JSESSIONID=3F6575A5957AC84BCC60FA878ED092A5.srv1; username=user1
HTTP/1.x 200 OK
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache,no-store,max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en
Content-Length: 2989
Date: Wed, 12 Oct 2005 16:33:52 GMT
----------------------------------------------------------
http://smartfish:8080/stars/WEB-INF/pages/%3C%=request.getContextPath()%%3E/
images/cm_fill.gif
GET
/stars/WEB-INF/pages/%3C%=request.getContextPath()%%3E/images/cm_fill.gif
HTTP/1.1
Host: smartfish:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.12)
Gecko/20050915 Firefox/1.0.7
Accept: image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://smartfish:8080/stars/HomePage.do
Cookie: JSESSIONID=3F6575A5957AC84BCC60FA878ED092A5.srv1; username=user1
HTTP/1.x 400 Invalid URI
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Date: Wed, 12 Oct 2005 16:33:52 GMT
Connection: close
----------------------------------------------------------
-----Original Message-----
From: Richard Mixon [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 12, 2005 12:45 AM
To: 'Tomcat Users List'
Subject: RE: Tomcat 5.5.12 and user-agent header
Mark,
Thanks - should have thought of that first. Now that I turned on
LiveHTTPHeaders, I cannot get it to fail. I was able to do this consistently
before.
Just to be sure, I'll try again tomorrow morning. Maybe its just late.
Thanks much - Richard
-----Original Message-----
From: Mark Thomas [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 11, 2005 6:14 PM
To: 'Tomcat Users List'; [EMAIL PROTECTED]
Subject: RE: Tomcat 5.5.12 and user-agent header
Have you looked at the headers between Tomcat and your UA? Is your UA
actually sending the UA header? If it is then it looks like a sitemesh
problem from what you have described. There are a range of tools for looking
at headers.
livehttpheaders is good, as is TcpMon which is distributed as part of Axis.
Mark
> -----Original Message-----
> From: Richard Mixon [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 10, 2005 12:00 AM
> To: 'Tomcat Users List'
> Subject: RE: Tomcat 5.5.12 and user-agent header
>
> Leon,
>
> Thank you for the test - but I still get a null user-agent right after
> the login. Here is a snippet of my code:
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
> "http://www.w3.org/TR/html4/loose.dtd";>
> <%@ include file="/common/taglibs.jspf"%>
> <%@ page import="com.ltoj.common.Constants" %>
> <html:html locale="true">
> <head>
> <%@ include file="/common/meta.jspf" %>
> <title><decorator:title/></title>
> <script type="text/javascript" src="<c:url
> value='/scripts/environment.js'/>"></script>
> <script type="text/javascript" src="<c:url
> value='/scripts/util.js'/>"></script>
> <script type="text/javascript" src="<c:url
> value='/scripts/helptip.js'/>"></script>
> <script type="text/javascript" src="<c:url
> value='/scripts/tabs.js'/>"></script>
> <script type="text/javascript" src="<c:url
> value='/scripts/CalendarPopup.js'/>"></script>
> <script type="text/javascript" src="<c:url
> value='/scripts/chartWizard.js'/>"></script>
> <link rel="stylesheet" type="text/css" media="all" href="<c:url
> value='/styles/default.css'/>" />
> <link rel="stylesheet" type="text/css" media="all" href="<c:url
> value='/styles/messages.css'/>" />
> <link rel="stylesheet" type="text/css" media="all" href="<c:url
> value='/styles/tabs.css'/>" />
> <decorator:head/>
> <%
> String _userAgent = request.getHeader("user-agent");
> out.write("USER-AGENT='"+_userAgent+"'");
> ...
>
> Here's the sequence:
>
> 1) I issue a request to this page.
>
> 2) CMA says "oh, that's protected" and shows my custom login page. I
> get user-agent displayed fine:
> USER-AGENT='Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US;
> rv:1.7.12)
> Gecko/20050915 Firefox/1.0.7'
>
> 3) But on the next page (the original target page of the request),
> user-agent shows as null.
> USER-AGENT='null'
>
> I can refresh the page or go to any other page in my application and
> the user agent is fine again.
>
> The only thing a bit non-standard about this JSP page is that it is a
> SiteMesh decorator page.
>
> If I run the same test, same pages in Tomcat 5.5.9 I never get
> user-agent of null.
>
> Our application does check the user-agent header a good bit.
> We use Select
> lists with option groups - but some browsers do not support this so we
> simulate it by indenting the select options ourselves.
>
> Luckily all of this activity happens well after the initial login - so
> we are safe, now that I changed the decorator to make sure user-agent
> is not null before doing anything with it.
>
> But it seems other applications might be affected by this - no?
>
> Thanks again - Richard
>
>
>
>
>
>
> -----Original Message-----
> From: Leon Rosenberg [mailto:[EMAIL PROTECTED]
> Sent: Sunday, October 09, 2005 1:45 PM
> To: Tomcat Users List; [EMAIL PROTECTED]
> Subject: Re: Tomcat 5.5.12 and user-agent header
>
> Hmm, I downloaded 5.5.12 and tried the agent-header specific code with
> it:
>
> public void processLogin(User user, HttpServletRequest req,
> HttpServletResponse res) {
> StringBuffer info = new StringBuffer();
> info.append("login ");
> info.append(user.getUserName());
> info.append(" [");
> info.append(user.getUserId().getPlainPresentation());
> info.append("] ");
> info.append(user.getEmail());
> info.append(" ");
>
> info.append(UserHelper.getGenderDescription(user.getGender()));
> info.append(" ");
>
> info.append(UserHelper.getStatusDescription(user.getMembership
> Status()));
> info.append(" ");
> info.append(req.getRemoteAddr());
> info.append(" / ");
> info.append(req.getRemoteHost());
> info.append(" Agent: ");
> info.append(req.getHeader("user-agent"));
> log.info(info);
> }
>
> outcome was:
>
> 2005-10-08 15:36:50,453 INFO - login leon [6] [EMAIL PROTECTED] male premium
> 127.0.0.1 / 127.0.0.1 Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0;
> en-US;
> rv:1.7) Gecko/20040626 Firefox/0.8
>
> which I think was same behaviour as before.
>
> I took tomcat out of the box (5.5.12 tar.gz) and only changed the http
> port.
>
> regards
> leon
>
>
> On 10/8/05, Richard Mixon <[EMAIL PROTECTED]> wrote:
> > I am just using the standard HTTP connector. This is on my
> development
> > workstation so I don't normally run JK and Apache, except for final
> testing.
> >
> > On the developer list I did see one mention of user-agent
> header, but
> > on closer inspection it appeared to be for a completely
> different issue.
> >
> > Thanks - Richard
> >
> > -----Original Message-----
> > From: news [mailto:[EMAIL PROTECTED] On Behalf Of Bill Barker
> > Sent: Friday, October 07, 2005 10:13 PM
> > To: tomcat-user@jakarta.apache.org
> > Subject: Re: Tomcat 5.5.12 and user-agent header
> >
> >
> > "Richard Mixon" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]
> > >I tested out my application on 5.5.12 yesterday and
> noticed one small
> > >anomally. I had a JSP in my sitemesh decorator "default.jsp" that
> > >ends up wrapping the login page for container managed
> > >authentication. This page had a statement
> > > String _userAgent =
> > >request.getHeader("user-agent").toLowerCase();
> > >
> > > It gets a null-pointer exception in 5.5.12, but under
> 5.5.9 it runs
> fine.
> > > In
> > > 5.5.12, after the login succeeds then the user-agent
> headers appear
> > > to be there just fine, but not on the initial login page.
> > >
> > > Is this a known issue?
> > >
> >
> > It's certainly not a known issue. It would help a lot if you could
> > tell us which Connector you are using at the time (e.g. HTTP/1.1,
> > HTTP/1.1-APR, AJP/1.3, AJP/1.3-APR).
> >
> > > Thank you - Richard
> > >
> >
> >
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
