On 13/08/2010 11:52, Hans Wahn wrote: > Thanks for looking into this issue. > >> What is the exact header & body of the 302 redirect from Tomcat in #2? > > 2010/08/12 20:20:17:750 CEST [DEBUG] wire - << "HTTP/1.1 302 Moved > Temporarily[EOL]" > 2010/08/12 20:20:17:750 CEST [DEBUG] wire - << "Server: > Apache-Coyote/1.1[EOL]" > 2010/08/12 20:20:17:750 CEST [DEBUG] wire - << "Location: > http://localhost:8080/test/secure/[EOL]"; > 2010/08/12 20:20:17:750 CEST [DEBUG] wire - << "Content-Length: 0[EOL]" > 2010/08/12 20:20:17:750 CEST [DEBUG] wire - << "Date: Thu, 12 Aug 2010 > 18:20:17 GMT[EOL]" > 2010/08/12 20:20:17:750 CEST [DEBUG] wire - << "[EOL]" > 2010/08/12 20:20:17:750 CEST [DEBUG] headers - << HTTP/1.1 302 Moved > Temporarily > 2010/08/12 20:20:17:750 CEST [DEBUG] headers - << Server: Apache-Coyote/1.1 > 2010/08/12 20:20:17:750 CEST [DEBUG] headers - << Location: > http://localhost:8080/test/secure/ > 2010/08/12 20:20:17:750 CEST [DEBUG] headers - << Content-Length: 0 > 2010/08/12 20:20:17:750 CEST [DEBUG] headers - << Date: Thu, 12 Aug > 2010 18:20:17 GMT > > >> Given that the client performs steps 3 & 4, can you check what's being >> *sent* by the client, not what's being received by Tomcat? > > Client sent data step3 (request redirect uri): > 2010/08/12 20:20:17:750 CEST [DEBUG] wire - >> "POST /test/secure/ > HTTP/1.1[EOL]" > 2010/08/12 20:20:17:750 CEST [DEBUG] wire - >> "Content-Length: 18[EOL]" > 2010/08/12 20:20:17:750 CEST [DEBUG] wire - >> "Content-Type: > application/x-www-form-urlencoded; charset=UTF-8[EOL]" > 2010/08/12 20:20:17:750 CEST [DEBUG] wire - >> "Host: localhost:8080[EOL]" > 2010/08/12 20:20:17:750 CEST [DEBUG] wire - >> "Connection: Keep-Alive[EOL]" > 2010/08/12 20:20:17:750 CEST [DEBUG] wire - >> "User-Agent: > Apache-HttpClient/4.0.1 (java 1.5)[EOL]" > 2010/08/12 20:20:17:750 CEST [DEBUG] wire - >> "Expect: 100-Continue[EOL]" > 2010/08/12 20:20:17:750 CEST [DEBUG] wire - >> "Cookie: > JSESSIONID=DA224C1B02E94524187858267D70A830[EOL]" > 2010/08/12 20:20:17:765 CEST [DEBUG] wire - >> "Cookie2: $Version=1[EOL]" > 2010/08/12 20:20:17:765 CEST [DEBUG] wire - >> "[EOL]" > 2010/08/12 20:20:17:765 CEST [DEBUG] headers - >> POST /test/secure/ HTTP/1.1 > 2010/08/12 20:20:17:765 CEST [DEBUG] headers - >> Content-Length: 18 > 2010/08/12 20:20:17:765 CEST [DEBUG] headers - >> Content-Type: > application/x-www-form-urlencoded; charset=UTF-8 > 2010/08/12 20:20:17:765 CEST [DEBUG] headers - >> Host: localhost:8080 > 2010/08/12 20:20:17:765 CEST [DEBUG] headers - >> Connection: Keep-Alive > 2010/08/12 20:20:17:765 CEST [DEBUG] headers - >> User-Agent: > Apache-HttpClient/4.0.1 (java 1.5) > 2010/08/12 20:20:17:765 CEST [DEBUG] headers - >> Expect: 100-Continue > 2010/08/12 20:20:17:765 CEST [DEBUG] headers - >> Cookie: > JSESSIONID=DA224C1B02E94524187858267D70A830 > 2010/08/12 20:20:17:765 CEST [DEBUG] headers - >> Cookie2: $Version=1 > 2010/08/12 20:20:17:781 CEST [DEBUG] wire - << "HTTP/1.1 100 Continue[EOL]" > 2010/08/12 20:20:17:781 CEST [DEBUG] wire - << "[EOL]" > 2010/08/12 20:20:17:781 CEST [DEBUG] headers - << HTTP/1.1 100 Continue > 2010/08/12 20:20:17:781 CEST [DEBUG] wire - >> "testName=testValue" > 2010/08/12 20:20:17:781 CEST [DEBUG] wire - << "HTTP/1.1 200 OK[EOL]" > .... > > Client sent data step4 (re-requesting the same uri): > 2010/08/12 20:20:17:796 CEST [DEBUG] wire - >> "POST /test/secure/ > HTTP/1.1[EOL]" > 2010/08/12 20:20:17:796 CEST [DEBUG] wire - >> "Content-Length: 18[EOL]" > 2010/08/12 20:20:17:796 CEST [DEBUG] wire - >> "Content-Type: > application/x-www-form-urlencoded; charset=UTF-8[EOL]" > 2010/08/12 20:20:17:796 CEST [DEBUG] wire - >> "Host: localhost:8080[EOL]" > 2010/08/12 20:20:17:796 CEST [DEBUG] wire - >> "Connection: Keep-Alive[EOL]" > 2010/08/12 20:20:17:796 CEST [DEBUG] wire - >> "User-Agent: > Apache-HttpClient/4.0.1 (java 1.5)[EOL]" > 2010/08/12 20:20:17:796 CEST [DEBUG] wire - >> "Expect: 100-Continue[EOL]" > 2010/08/12 20:20:17:796 CEST [DEBUG] wire - >> "Cookie: > JSESSIONID=A5FB87E6199EADB2AB18010DA295EC99[EOL]" > 2010/08/12 20:20:17:796 CEST [DEBUG] wire - >> "Cookie2: $Version=1[EOL]" > 2010/08/12 20:20:17:796 CEST [DEBUG] wire - >> "[EOL]" > 2010/08/12 20:20:17:796 CEST [DEBUG] headers - >> POST /test/secure/ HTTP/1.1 > 2010/08/12 20:20:17:796 CEST [DEBUG] headers - >> Content-Length: 18 > 2010/08/12 20:20:17:796 CEST [DEBUG] headers - >> Content-Type: > application/x-www-form-urlencoded; charset=UTF-8 > 2010/08/12 20:20:17:796 CEST [DEBUG] headers - >> Host: localhost:8080 > 2010/08/12 20:20:17:796 CEST [DEBUG] headers - >> Connection: Keep-Alive > 2010/08/12 20:20:17:796 CEST [DEBUG] headers - >> User-Agent: > Apache-HttpClient/4.0.1 (java 1.5) > 2010/08/12 20:20:17:796 CEST [DEBUG] headers - >> Expect: 100-Continue > 2010/08/12 20:20:17:796 CEST [DEBUG] headers - >> Cookie: > JSESSIONID=A5FB87E6199EADB2AB18010DA295EC99 > 2010/08/12 20:20:17:796 CEST [DEBUG] headers - >> Cookie2: $Version=1 > 2010/08/12 20:20:17:796 CEST [DEBUG] wire - << "HTTP/1.1 100 Continue[EOL]" > 2010/08/12 20:20:17:796 CEST [DEBUG] wire - << "[EOL]" > 2010/08/12 20:20:17:796 CEST [DEBUG] headers - << HTTP/1.1 100 Continue > 2010/08/12 20:20:17:796 CEST [DEBUG] wire - >> "testName=testValue" > 2010/08/12 20:20:17:796 CEST [DEBUG] wire - << "HTTP/1.1 501 Not > Implemented[EOL]" > ... > > >> Are you sure the client isn't making that error? >> What is the client code which makes the request here? > > I'm not entirely sure about the client code, but posted it to the > HTTPComponents list and regarding the logs provided above, the client > behaviour seems to be ok. My client code is the following: > > //SOURCE START > DefaultHttpClient httpclient = new DefaultHttpClient(); > HttpPost httpost = new HttpPost(new > URI("http://localhost:8080/test/secure/";)); > List <NameValuePair> nvps = new ArrayList <NameValuePair>(); > nvps.add(new BasicNameValuePair("j_username", "tomcat")); > nvps.add(new BasicNameValuePair("j_password", "tomcat")); > httpost.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8)); > HttpResponse response = httpclient.execute(httpost); > System.out.println("Response Status: " + response.getStatusLine()); > response.getEntity().consumeContent(); > httpost.setURI(new > URI("http://localhost:8080/test/secure/j_security_check";)); > response = httpclient.execute(httpost); > HttpEntity entity = response.getEntity(); > System.out.println("Response Status: " + response.getStatusLine());
For the below, isn't there an alternative method of configuring the
client to automatically follow redirects?
p
> int code = response.getStatusLine().getStatusCode()/100;
> if(code == 3) {
> String location = response.getFirstHeader("location").getValue();
> System.out.println("==> REDIRECT to "+location);
> entity.consumeContent();
> httpost.setURI(new URI(location));
> List <NameValuePair> params = new ArrayList <NameValuePair>();
> params.add(new BasicNameValuePair("testName", "testValue"));
> httpost.setEntity(new UrlEncodedFormEntity(params, HTTP.UTF_8));
> for(int i=0; i<5; i++) {
> response = httpclient.execute(httpost);
> System.out.println("Response Status: " + response.getStatusLine());
> entity = response.getEntity();
> entity.consumeContent();
> }
> }
> httpclient.getConnectionManager().shutdown();
> //SOURCE END
>
>
> best regards
> Hans
>
>
> 2010/8/13 Pid <[email protected]>:
>> On 13/08/2010 10:07, Hans Wahn wrote:
>>> Hello Tomcat-Users,
>>>
>>> I'm facing a strange issue when using HttpComponents with successive
>>> POST requests against a simple Tomcat 7 servlet (Form-based POST
>>> Authentication is enabled). After a sucessfull authentication, the
>>> client requests the same protected resource a few times in a row, but
>>> the second request always returns a "501 Method not implemented"
>>> status. All other requests succeed.
>>>
>>> The following communication takes place:
>>> 1. Client requests a protected resource; Tomcat returns the login page
>>> (HTTP200)
>>> 2. Client provides the user credentials and calls the login resource;
>>> Tomcat returns a redirect (HTTP302)
>>> 3. Client sets the location from the redirect for the next
>>> request(identical to URI from #1) and requests it; Tomcat returns the
>>> page (HTTP200)
>>> 4. Client requests the same resource again; Tomcat returns a HTTP501 -
>>> Method not implemented
>>> 5. Client requests the same resource again; Tomcat returns the page
>>> (HTTP200)
>>> 6. Client requests the same resource again; Tomcat returns the page
>>> (HTTP200)
>>> 7. Client requests the same resource again; Tomcat returns the page
>>> (HTTP200)
>>>
>>>
>>> The access log message regarding the 501 says:
>>> '"testName=testValuePOST /test/secure/ HTTP/1.1" 501 1278', which may
>>
>> What is the exact header & body of the 302 redirect from Tomcat in #2?
>>
>> Given that the client performs steps 3 & 4, can you check what's being
>> *sent* by the client, not what's being received by Tomcat?
>>
>> Are you sure the client isn't making that error?
>>
>> What is the client code which makes the request here?
>>
>>
>> p
>>
>>> indicate that the entity data and the HTTP-method name somehow got
>>> mixed up!? Strangely the HTTP501 does not appear in case of a JSP for
>>> the requested resource, only if facing a form-based POST
>>> authentication Servlet in Tomcat 7. The servlet does only implement
>>> post and get(which calls the doPost) and returns just a string. The
>>> client code should be fine since I already posted this issue on the
>>> HTTPComponents mailing list and the data sent over the wire seems to
>>> be right.
>>> I'd like to attach the zipped webapp dir along with the simple client
>>> souce code, but along with the HTTPComponents libraries it's ~450KB
>>> and I don't know the attachment policy of this list. How can I provide
>>> further helpfull information?
>>>
>>>
>>> Thanks for helping in advance
>>> best regards
>>> Hans
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [email protected]
>>> For additional commands, e-mail: [email protected]
>>>
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
signature.asc
Description: OpenPGP digital signature
