OK - yes, it was lack of sleep that was causing the problem to not appear, I
was starting Tomcat 5.5.9 instead of 5.5.12, sorry :(

The problem is still there. I even took SiteMesh out of the picture, to make
sure it was not the problem (should of done that sooner).

Here are the steps:

1) Request a protected page form my app.
2) My CMA login page pops up, I enter userid and password.
3) This POST is issued when I submit it:
     POST /stars/auth/ j_username=user1&j_password=password1&login=Login
4) HTTPLiveHeaders show all of the GET requests have a user-agent set
   (I've included all 90 lines of them below).
5) My page that appears has the following code:
  <%
  String _userAgent = request.getHeader("user-agent");
  out.write("USER-AGENT="+_userAgent);
  ...
6) And displays the following on my page:
  USER-AGENT=null

Unless someone has other ideas I'm thinking it's a but in 5.5.12 at this
point and will post it to Bugzilla.

Thanks to Mark and others for their help.

 - Richard

START OF HTTPLiveHeaders capture from the above POST:

http://smartfish:8080/stars/auth/

POST /stars/auth/ HTTP/1.1
Host: smartfish:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.12)
Gecko/20050915 Firefox/1.0.7
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=
0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://smartfish:8080/stars/HomePage.do
Cookie: JSESSIONID=3F6575A5957AC84BCC60FA878ED092A5.srv1; username=user1
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
j_username=user1&j_password=password1&login=Login
HTTP/1.x 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location:
http://smartfish:8080/stars/j_security_check?j_username=user1&j_password=fbc
e66f99c809283638f344ecb3d50674ea64189
Content-Length: 0
Date: Wed, 12 Oct 2005 16:33:46 GMT
----------------------------------------------------------
http://smartfish:8080/stars/j_security_check?j_username=user1&j_password=fbc
e66f99c809283638f344ecb3d50674ea64189

GET
/stars/j_security_check?j_username=user1&j_password=fbce66f99c809283638f344e
cb3d50674ea64189 HTTP/1.1
Host: smartfish:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.12)
Gecko/20050915 Firefox/1.0.7
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=
0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://smartfish:8080/stars/HomePage.do
Cookie: JSESSIONID=3F6575A5957AC84BCC60FA878ED092A5.srv1; username=user1

HTTP/1.x 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: http://smartfish:8080/stars/HomePage.do
Content-Length: 0
Date: Wed, 12 Oct 2005 16:33:46 GMT
----------------------------------------------------------
http://smartfish:8080/stars/HomePage.do

GET /stars/HomePage.do HTTP/1.1
Host: smartfish:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.12)
Gecko/20050915 Firefox/1.0.7
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=
0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://smartfish:8080/stars/HomePage.do
Cookie: JSESSIONID=3F6575A5957AC84BCC60FA878ED092A5.srv1; username=user1

HTTP/1.x 200 OK
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache,no-store,max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en
Content-Length: 2989
Date: Wed, 12 Oct 2005 16:33:52 GMT
----------------------------------------------------------
http://smartfish:8080/stars/WEB-INF/pages/%3C%=request.getContextPath()%%3E/
images/cm_fill.gif

GET
/stars/WEB-INF/pages/%3C%=request.getContextPath()%%3E/images/cm_fill.gif
HTTP/1.1
Host: smartfish:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.12)
Gecko/20050915 Firefox/1.0.7
Accept: image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://smartfish:8080/stars/HomePage.do
Cookie: JSESSIONID=3F6575A5957AC84BCC60FA878ED092A5.srv1; username=user1

HTTP/1.x 400 Invalid URI
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Date: Wed, 12 Oct 2005 16:33:52 GMT
Connection: close
----------------------------------------------------------




-----Original Message-----
From: Richard Mixon [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, October 12, 2005 12:45 AM
To: 'Tomcat Users List'
Subject: RE: Tomcat 5.5.12 and user-agent header

Mark,

Thanks - should have thought of that first. Now that I turned on
LiveHTTPHeaders, I cannot get it to fail. I was able to do this consistently
before.

Just to be sure, I'll try again tomorrow morning. Maybe its just late.

Thanks much - Richard

-----Original Message-----
From: Mark Thomas [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 11, 2005 6:14 PM
To: 'Tomcat Users List'; [EMAIL PROTECTED]
Subject: RE: Tomcat 5.5.12 and user-agent header

Have you looked at the headers between Tomcat and your UA? Is your UA
actually sending the UA header? If it is then it looks like a sitemesh
problem from what you have described. There are a range of tools for looking
at headers.
livehttpheaders is good, as is TcpMon which is distributed as part of Axis.

Mark 

> -----Original Message-----
> From: Richard Mixon [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 10, 2005 12:00 AM
> To: 'Tomcat Users List'
> Subject: RE: Tomcat 5.5.12 and user-agent header
> 
> Leon,
> 
> Thank you for the test - but I still get a null user-agent right after 
> the login. Here is a snippet of my code:
> 
>   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" 
>       "http://www.w3.org/TR/html4/loose.dtd";>
>   <%@ include file="/common/taglibs.jspf"%>
>   <%@ page import="com.ltoj.common.Constants" %>
>   <html:html locale="true">
>   <head>
>   <%@ include file="/common/meta.jspf" %>
>   <title><decorator:title/></title>
>   <script type="text/javascript" src="<c:url 
> value='/scripts/environment.js'/>"></script>
>   <script type="text/javascript" src="<c:url 
> value='/scripts/util.js'/>"></script>
>   <script type="text/javascript" src="<c:url 
> value='/scripts/helptip.js'/>"></script>
>   <script type="text/javascript" src="<c:url 
> value='/scripts/tabs.js'/>"></script>
>   <script type="text/javascript" src="<c:url 
> value='/scripts/CalendarPopup.js'/>"></script>
>   <script type="text/javascript" src="<c:url 
> value='/scripts/chartWizard.js'/>"></script>
>   <link rel="stylesheet" type="text/css" media="all" href="<c:url 
> value='/styles/default.css'/>" />
>   <link rel="stylesheet" type="text/css" media="all" href="<c:url 
> value='/styles/messages.css'/>" />
>   <link rel="stylesheet" type="text/css" media="all" href="<c:url 
> value='/styles/tabs.css'/>" />
>   <decorator:head/>
>   <%
>   String _userAgent = request.getHeader("user-agent");
>   out.write("USER-AGENT='"+_userAgent+"'"); 
>   ...
> 
> Here's the sequence:
> 
> 1) I issue a request to this page.
> 
> 2) CMA says "oh, that's protected" and shows my custom login page. I 
> get user-agent displayed fine:
>      USER-AGENT='Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US;
> rv:1.7.12)
> Gecko/20050915 Firefox/1.0.7'
> 
> 3) But on the next page (the original target page of the request), 
> user-agent shows as null.
>      USER-AGENT='null'
> 
> I can refresh the page or go to any other page in my application and 
> the user agent is fine again.
> 
> The only thing a bit non-standard about this JSP page is that it is a 
> SiteMesh decorator page.
> 
> If I run the same test, same pages in Tomcat 5.5.9 I never get 
> user-agent of null.
> 
> Our application does check the user-agent header a good bit. 
> We use Select
> lists with option groups - but some browsers do not support this so we 
> simulate it by indenting the select options ourselves.
> 
> Luckily all of this activity happens well after the initial login - so 
> we are safe, now that I changed the decorator to make sure user-agent 
> is not null before doing anything with it.
> 
> But it seems other applications might be affected by this - no?
> 
> Thanks again - Richard
> 
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Leon Rosenberg [mailto:[EMAIL PROTECTED]
> Sent: Sunday, October 09, 2005 1:45 PM
> To: Tomcat Users List; [EMAIL PROTECTED]
> Subject: Re: Tomcat 5.5.12 and user-agent header
> 
> Hmm, I downloaded 5.5.12 and tried the agent-header specific code with
> it:
> 
>       public void processLogin(User user, HttpServletRequest req, 
> HttpServletResponse res) {
>               StringBuffer info = new StringBuffer();
>               info.append("login ");
>               info.append(user.getUserName());
>               info.append(" [");
>               info.append(user.getUserId().getPlainPresentation());
>               info.append("] ");
>               info.append(user.getEmail());
>               info.append(" ");
>       
> info.append(UserHelper.getGenderDescription(user.getGender()));
>               info.append(" ");
>       
> info.append(UserHelper.getStatusDescription(user.getMembership
> Status()));
>               info.append(" ");
>               info.append(req.getRemoteAddr());
>               info.append(" / ");
>               info.append(req.getRemoteHost());
>               info.append(" Agent: ");
>               info.append(req.getHeader("user-agent"));
>               log.info(info);         
>       }
> 
> outcome was:
> 
> 2005-10-08 15:36:50,453 INFO  - login leon [6] [EMAIL PROTECTED] male premium
> 127.0.0.1 / 127.0.0.1 Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; 
> en-US;
> rv:1.7) Gecko/20040626 Firefox/0.8
> 
> which I think was same behaviour as before.
> 
> I took tomcat out of the box (5.5.12 tar.gz) and only changed the http 
> port.
> 
> regards
> leon
> 
> 
> On 10/8/05, Richard Mixon <[EMAIL PROTECTED]> wrote:
> > I am just using the standard HTTP connector. This is on my
> development
> > workstation so I don't normally run JK and Apache, except for final
> testing.
> >
> > On the developer list I did see one mention of user-agent
> header, but
> > on closer inspection it appeared to be for a completely
> different issue.
> >
> > Thanks - Richard
> >
> > -----Original Message-----
> > From: news [mailto:[EMAIL PROTECTED] On Behalf Of Bill Barker
> > Sent: Friday, October 07, 2005 10:13 PM
> > To: tomcat-user@jakarta.apache.org
> > Subject: Re: Tomcat 5.5.12 and user-agent header
> >
> >
> > "Richard Mixon" <[EMAIL PROTECTED]> wrote in message 
> > news:[EMAIL PROTECTED]
> > >I tested out my application on 5.5.12 yesterday and
> noticed one small
> > >anomally. I had a JSP in my sitemesh decorator "default.jsp" that 
> > >ends up  wrapping the login page for container managed 
> > >authentication. This page  had  a statement
> > >    String  _userAgent =
> > >request.getHeader("user-agent").toLowerCase();
> > >
> > > It gets a null-pointer exception in 5.5.12, but under
> 5.5.9 it runs
> fine.
> > > In
> > > 5.5.12, after the login succeeds then the user-agent
> headers appear
> > > to be there just fine, but not on the initial login page.
> > >
> > > Is this a known issue?
> > >
> >
> > It's certainly not a known issue.  It would help a lot if you could 
> > tell us which Connector you are using at the time (e.g. HTTP/1.1, 
> > HTTP/1.1-APR, AJP/1.3, AJP/1.3-APR).
> >
> > > Thank you - Richard
> > >
> >
> >
> >
> >
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to