OK - yes, it was lack of sleep that was causing the problem to not appear, I
was starting Tomcat 5.5.9 instead of 5.5.12, sorry :(
The problem is still there. I even took SiteMesh out of the picture, to make
sure it was not the problem (should of done that sooner).
Here are the steps:
1) Request a protected page form my app.
2) My CMA login page pops up, I enter userid and password.
3) This POST is issued when I submit it:
POST /stars/auth/ j_username=user1&j_password=password1&login=Login
4) HTTPLiveHeaders show all of the GET requests have a user-agent set
(I've included all 90 lines of them below).
5) My page that appears has the following code:
<%
String _userAgent = request.getHeader("user-agent");
out.write("USER-AGENT="+_userAgent);
...
6) And displays the following on my page:
USER-AGENT=null
Unless someone has other ideas I'm thinking it's a but in 5.5.12 at this
point and will post it to Bugzilla.
Thanks to Mark and others for their help.
- Richard
START OF HTTPLiveHeaders capture from the above POST:
http://smartfish:8080/stars/auth/
POST /stars/auth/ HTTP/1.1
Host: smartfish:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.12)
Gecko/20050915 Firefox/1.0.7
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=
0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://smartfish:8080/stars/HomePage.do
Cookie: JSESSIONID=3F6575A5957AC84BCC60FA878ED092A5.srv1; username=user1
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
j_username=user1&j_password=password1&login=Login
HTTP/1.x 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location:
http://smartfish:8080/stars/j_security_check?j_username=user1&j_password=fbc
e66f99c809283638f344ecb3d50674ea64189
Content-Length: 0
Date: Wed, 12 Oct 2005 16:33:46 GMT
----------------------------------------------------------
http://smartfish:8080/stars/j_security_check?j_username=user1&j_password=fbc
e66f99c809283638f344ecb3d50674ea64189
GET
/stars/j_security_check?j_username=user1&j_password=fbce66f99c809283638f344e
cb3d50674ea64189 HTTP/1.1
Host: smartfish:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.12)
Gecko/20050915 Firefox/1.0.7
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=
0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://smartfish:8080/stars/HomePage.do
Cookie: JSESSIONID=3F6575A5957AC84BCC60FA878ED092A5.srv1; username=user1
HTTP/1.x 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: http://smartfish:8080/stars/HomePage.do
Content-Length: 0
Date: Wed, 12 Oct 2005 16:33:46 GMT
----------------------------------------------------------
http://smartfish:8080/stars/HomePage.do
GET /stars/HomePage.do HTTP/1.1
Host: smartfish:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.12)
Gecko/20050915 Firefox/1.0.7
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=
0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://smartfish:8080/stars/HomePage.do
Cookie: JSESSIONID=3F6575A5957AC84BCC60FA878ED092A5.srv1; username=user1
HTTP/1.x 200 OK
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache,no-store,max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en
Content-Length: 2989
Date: Wed, 12 Oct 2005 16:33:52 GMT
----------------------------------------------------------
http://smartfish:8080/stars/WEB-INF/pages/%3C%=request.getContextPath()%%3E/
images/cm_fill.gif
GET
/stars/WEB-INF/pages/%3C%=request.getContextPath()%%3E/images/cm_fill.gif
HTTP/1.1
Host: smartfish:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.7.12)
Gecko/20050915 Firefox/1.0.7
Accept: image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://smartfish:8080/stars/HomePage.do
Cookie: JSESSIONID=3F6575A5957AC84BCC60FA878ED092A5.srv1; username=user1
HTTP/1.x 400 Invalid URI
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Date: Wed, 12 Oct 2005 16:33:52 GMT
Connection: close
----------------------------------------------------------
-----Original Message-----
From: Richard Mixon [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 12, 2005 12:45 AM
To: 'Tomcat Users List'
Subject: RE: Tomcat 5.5.12 and user-agent header
Mark,
Thanks - should have thought of that first. Now that I turned on
LiveHTTPHeaders, I cannot get it to fail. I was able to do this consistently
before.
Just to be sure, I'll try again tomorrow morning. Maybe its just late.
Thanks much - Richard
-----Original Message-----
From: Mark Thomas [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 11, 2005 6:14 PM
To: 'Tomcat Users List'; [EMAIL PROTECTED]
Subject: RE: Tomcat 5.5.12 and user-agent header
Have you looked at the headers between Tomcat and your UA? Is your UA
actually sending the UA header? If it is then it looks like a sitemesh
problem from what you have described. There are a range of tools for looking
at headers.
livehttpheaders is good, as is TcpMon which is distributed as part of Axis.
Mark
-----Original Message-----
From: Richard Mixon [mailto:[EMAIL PROTECTED]
Sent: Monday, October 10, 2005 12:00 AM
To: 'Tomcat Users List'
Subject: RE: Tomcat 5.5.12 and user-agent header
Leon,
Thank you for the test - but I still get a null user-agent right after
the login. Here is a snippet of my code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<%@ include file="/common/taglibs.jspf"%>
<%@ page import="com.ltoj.common.Constants" %>
<html:html locale="true">
<head>
<%@ include file="/common/meta.jspf" %>
<title><decorator:title/></title>
<script type="text/javascript" src="<c:url
value='/scripts/environment.js'/>"></script>
<script type="text/javascript" src="<c:url
value='/scripts/util.js'/>"></script>
<script type="text/javascript" src="<c:url
value='/scripts/helptip.js'/>"></script>
<script type="text/javascript" src="<c:url
value='/scripts/tabs.js'/>"></script>
<script type="text/javascript" src="<c:url
value='/scripts/CalendarPopup.js'/>"></script>
<script type="text/javascript" src="<c:url
value='/scripts/chartWizard.js'/>"></script>
<link rel="stylesheet" type="text/css" media="all" href="<c:url
value='/styles/default.css'/>" />
<link rel="stylesheet" type="text/css" media="all" href="<c:url
value='/styles/messages.css'/>" />
<link rel="stylesheet" type="text/css" media="all" href="<c:url
value='/styles/tabs.css'/>" />
<decorator:head/>
<%
String _userAgent = request.getHeader("user-agent");
out.write("USER-AGENT='"+_userAgent+"'");
...
Here's the sequence:
1) I issue a request to this page.
2) CMA says "oh, that's protected" and shows my custom login page. I
get user-agent displayed fine:
USER-AGENT='Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US;
rv:1.7.12)
Gecko/20050915 Firefox/1.0.7'
3) But on the next page (the original target page of the request),
user-agent shows as null.
USER-AGENT='null'
I can refresh the page or go to any other page in my application and
the user agent is fine again.
The only thing a bit non-standard about this JSP page is that it is a
SiteMesh decorator page.
If I run the same test, same pages in Tomcat 5.5.9 I never get
user-agent of null.
Our application does check the user-agent header a good bit.
We use Select
lists with option groups - but some browsers do not support this so we
simulate it by indenting the select options ourselves.
Luckily all of this activity happens well after the initial login - so
we are safe, now that I changed the decorator to make sure user-agent
is not null before doing anything with it.
But it seems other applications might be affected by this - no?
Thanks again - Richard
-----Original Message-----
From: Leon Rosenberg [mailto:[EMAIL PROTECTED]
Sent: Sunday, October 09, 2005 1:45 PM
To: Tomcat Users List; [EMAIL PROTECTED]
Subject: Re: Tomcat 5.5.12 and user-agent header
Hmm, I downloaded 5.5.12 and tried the agent-header specific code with
it:
public void processLogin(User user, HttpServletRequest req,
HttpServletResponse res) {
StringBuffer info = new StringBuffer();
info.append("login ");
info.append(user.getUserName());
info.append(" [");
info.append(user.getUserId().getPlainPresentation());
info.append("] ");
info.append(user.getEmail());
info.append(" ");
info.append(UserHelper.getGenderDescription(user.getGender()));
info.append(" ");
info.append(UserHelper.getStatusDescription(user.getMembership
Status()));
info.append(" ");
info.append(req.getRemoteAddr());
info.append(" / ");
info.append(req.getRemoteHost());
info.append(" Agent: ");
info.append(req.getHeader("user-agent"));
log.info(info);
}
outcome was:
2005-10-08 15:36:50,453 INFO - login leon [6] [EMAIL PROTECTED] male premium
127.0.0.1 / 127.0.0.1 Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0;
en-US;
rv:1.7) Gecko/20040626 Firefox/0.8
which I think was same behaviour as before.
I took tomcat out of the box (5.5.12 tar.gz) and only changed the http
port.
regards
leon
On 10/8/05, Richard Mixon <[EMAIL PROTECTED]> wrote:
I am just using the standard HTTP connector. This is on my
development
workstation so I don't normally run JK and Apache, except for final
testing.
On the developer list I did see one mention of user-agent
header, but
on closer inspection it appeared to be for a completely
different issue.
Thanks - Richard
-----Original Message-----
From: news [mailto:[EMAIL PROTECTED] On Behalf Of Bill Barker
Sent: Friday, October 07, 2005 10:13 PM
To: tomcat-user@jakarta.apache.org
Subject: Re: Tomcat 5.5.12 and user-agent header
"Richard Mixon" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
I tested out my application on 5.5.12 yesterday and
noticed one small
anomally. I had a JSP in my sitemesh decorator "default.jsp" that
ends up wrapping the login page for container managed
authentication. This page had a statement
String _userAgent =
request.getHeader("user-agent").toLowerCase();
It gets a null-pointer exception in 5.5.12, but under
5.5.9 it runs
fine.
In
5.5.12, after the login succeeds then the user-agent
headers appear
to be there just fine, but not on the initial login page.
Is this a known issue?
It's certainly not a known issue. It would help a lot if you could
tell us which Connector you are using at the time (e.g. HTTP/1.1,
HTTP/1.1-APR, AJP/1.3, AJP/1.3-APR).
Thank you - Richard
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]