Details
-
Type: Bug
-
Status: Open
-
Priority: Major
-
Resolution: Unresolved
-
Affects Version/s: 1.8.2
-
Fix Version/s: None
-
Component/s: None
-
Labels:None
-
Environment:Java 1.6
Tomcat 6.0.24
JSF 1.2_13-b01-FCS
Internet Explorer 9.0.8112.16421
Description
We are using WAFFLE to grab the current user. The WAFFLE filter is configured for a certain servlet only. This servlet redirects to the applications start page (ICEfaces on Facelets).
Since WAFFLE did a authentication negotiation before, the browser sometimes "attaches" a NTLM token with requests to the same domain (every 2nd ping, as far as I've seen). Then, an ICEfaces heartbeat "ping" looks like this:
POST http://localhost:8080/ValveTest/block/ping HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://localhost:8080/ValveTest/Default.xhtml
Accept-Language: de
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Host: localhost:8080
Content-Length: 0
Connection: Keep-Alive
Pragma: no-cache
Cookie: JSESSIONID=236126E6E7DA8C3125D6DF138E77DFA7; ice.sessions=G2KwKiaIY9cVY0_k0kymZQ#1; updates=; ice.lease=1319796324453; bconn=G2KwKiaIY9cVY0_k0kymZQ:3:acquired
Authorization: NTLM TlRMTVNTUAABAAAAB7IIogcABwArAAAAAwADACgAAAAGAbAdAAAAD1NFUkNPTk5FQ1Q=
Which returns
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 0
Date: Fri, 28 Oct 2011 10:05:23 GMT
The ICEfaces console shows the impact of this uncomplete request:
[window.G2Kw#3.async-connection.heartbeat] : ping
[window.G2Kw#3.async-connection.ui] : [8398363] : send asynchronous POST
[window.G2Kw#3.async-connection.ui] : [8398363] : receive [200] OK
[window.G2Kw#3] : unknown content in response
[window.G2Kw#3.async-connection.ui] : [8398363] : connection closed
[window.G2Kw#3.async-connection.blocking] : [849316] : receive [200] OK
[window.G2Kw#3.async-connection] : closing previous connection...
[window.G2Kw#3.async-connection.blocking] : [849316] : connection closed
[window.G2Kw#3.async-connection] : connect...
[window.G2Kw#3.async-connection.blocking] : [4186565] : send asynchronous POST
[window.G2Kw#3.async-connection.heartbeat] : pong lost
[window.G2Kw#3] : connection in trouble
When the browser is not sending the NTLM token - and everything works.
Request:
POST http://localhost:8080/ValveTest/block/ping HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://localhost:8080/ValveTest/Default.xhtml
Accept-Language: de
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Host: localhost:8080
Content-Length: 72
Connection: Keep-Alive
Pragma: no-cache
Cookie: JSESSIONID=236126E6E7DA8C3125D6DF138E77DFA7; ice.sessions=G2KwKiaIY9cVY0_k0kymZQ#1; updates=; ice.lease=1319796874746; bconn=G2KwKiaIY9cVY0_k0kymZQ:3:acquired
ice.session=G2KwKiaIY9cVY0_k0kymZQ&ice.view=3&rand=0.07857452067597414
Respone:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Cache-Control: no-store
Cache-Control: must-revalidate
Pragma: no-cache
Expires: 0
Content-Type: text/xml;charset=UTF-8
Content-Length: 9
Date: Fri, 28 Oct 2011 10:14:33 GMT
<noop/>
Good pings have the "ice.session" header and no NTLM token, bad pings vice versa.
Since WAFFLE did a authentication negotiation before, the browser sometimes "attaches" a NTLM token with requests to the same domain (every 2nd ping, as far as I've seen). Then, an ICEfaces heartbeat "ping" looks like this:
POST http://localhost:8080/ValveTest/block/ping HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://localhost:8080/ValveTest/Default.xhtml
Accept-Language: de
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Host: localhost:8080
Content-Length: 0
Connection: Keep-Alive
Pragma: no-cache
Cookie: JSESSIONID=236126E6E7DA8C3125D6DF138E77DFA7; ice.sessions=G2KwKiaIY9cVY0_k0kymZQ#1; updates=; ice.lease=1319796324453; bconn=G2KwKiaIY9cVY0_k0kymZQ:3:acquired
Authorization: NTLM TlRMTVNTUAABAAAAB7IIogcABwArAAAAAwADACgAAAAGAbAdAAAAD1NFUkNPTk5FQ1Q=
Which returns
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 0
Date: Fri, 28 Oct 2011 10:05:23 GMT
The ICEfaces console shows the impact of this uncomplete request:
[window.G2Kw#3.async-connection.heartbeat] : ping
[window.G2Kw#3.async-connection.ui] : [8398363] : send asynchronous POST
[window.G2Kw#3.async-connection.ui] : [8398363] : receive [200] OK
[window.G2Kw#3] : unknown content in response
[window.G2Kw#3.async-connection.ui] : [8398363] : connection closed
[window.G2Kw#3.async-connection.blocking] : [849316] : receive [200] OK
[window.G2Kw#3.async-connection] : closing previous connection...
[window.G2Kw#3.async-connection.blocking] : [849316] : connection closed
[window.G2Kw#3.async-connection] : connect...
[window.G2Kw#3.async-connection.blocking] : [4186565] : send asynchronous POST
[window.G2Kw#3.async-connection.heartbeat] : pong lost
[window.G2Kw#3] : connection in trouble
When the browser is not sending the NTLM token - and everything works.
Request:
POST http://localhost:8080/ValveTest/block/ping HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://localhost:8080/ValveTest/Default.xhtml
Accept-Language: de
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Host: localhost:8080
Content-Length: 72
Connection: Keep-Alive
Pragma: no-cache
Cookie: JSESSIONID=236126E6E7DA8C3125D6DF138E77DFA7; ice.sessions=G2KwKiaIY9cVY0_k0kymZQ#1; updates=; ice.lease=1319796874746; bconn=G2KwKiaIY9cVY0_k0kymZQ:3:acquired
ice.session=G2KwKiaIY9cVY0_k0kymZQ&ice.view=3&rand=0.07857452067597414
Respone:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Cache-Control: no-store
Cache-Control: must-revalidate
Pragma: no-cache
Expires: 0
Content-Type: text/xml;charset=UTF-8
Content-Length: 9
Date: Fri, 28 Oct 2011 10:14:33 GMT
<noop/>
Good pings have the "ice.session" header and no NTLM token, bad pings vice versa.
Activity
- All
- Comments
- History
- Activity
- Remote Attachments
- Subversion
Simon Erhardt
created issue -