Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Jetty HTTP SPI redirects SOAP POST requests to GET requests if URL does not end with / #10699

Closed
AlexanderSchuetz97 opened this issue Oct 10, 2023 · 2 comments · Fixed by #10710
Closed

Jetty HTTP SPI redirects SOAP POST requests to GET requests if URL does not end with / #10699

AlexanderSchuetz97 opened this issue Oct 10, 2023 · 2 comments · Fixed by #10710
Assignees
@lorban
Labels
Bug For general bugs on Jetty side
Milestone
12.0.x

Comments

@AlexanderSchuetz97
Copy link

AlexanderSchuetz97 commented Oct 10, 2023
edited by joakime
Loading

Jetty version(s)
12.0.2

Jetty Environment
ee10+http SPI+jaxws(SOAP)

Java version/vendor (use: java -version)
17 (does not matter, broken with any java 17 version)

OS type/version
windows 11

Description
I use Jetty Http SPI to host a soap server and the soap server has to have many different endpoint WSDL's
for example 1 endpoint is located at
http://localhost:12345/endpointA
the next may be at
http://localhost:12345/endpointB
These endpoints are published via
javax.xml.ws.Endpoint.publish("http://localhost:12345/endpointA",....)

If a SOAP client now sends a post request to a endpointA Jetty redirects it to
http://localhost:12345/endpointA/
This is not a problem, the soap client obliges but the soap client then repeats the request with a GET instead of a
POST. This causes jaxws to respond with the WSDL instead of actually calling the endpoint.

If the soap client directly makes its request to "http://localhost:12345/endpointA/" with a slash at the end
it all works out and the endpoint is called all good.

With Jetty 11.0.16 the soap client could call either http://localhost:12345/endpointA/ or http://localhost:12345/endpointA
I did not change the versions of any of the soap libraries when updating jetty from 11.0.16 to 12.0.2

In my opinon jetty should not redirect
http://localhost:12345/endpointA to http://localhost:12345/endpointA/
http://localhost:12345/endpointA should just call the endpoint like it did with jetty 11

The server is started in embeeded mode:

Server server = new Server(new DelegatingThreadPool(...));
//Http 1.1 connector... that binds to port 12345
ContextHandlerCollection ctxh = new ContextHandlerCollection(true);
server.setHandler(ctxh)
System.setProperty("com.sun.net.httpserver.HttpServerProvider", JettyHttpServerProvider.class.getName());
JettyHttpServerProvider.setServer(server);
javax.xml.ws.Endpoint.publish("http://localhost:12345/endpointA",....)
javax.xml.ws.Endpoint.publish("http://localhost:12345/endpointB",....)
if (!ctxh.isStarted() && !ctxh.isStarting()) {
    ctxh.start();
}
if (!server.isStarted() && !server.isStarting()) {
    server.start();
}

This behavior of the redirect also occurs with just 1 endpoint.
The redirect can also be observed in a plain web browser, soap client is not even "needed".

It is also very much possible that i am simply making some mistake here, like some property that now has to be set that I have not set...

Soap libraries used:

api("javax.jws:javax.jws-api:1.1")
api("javax.xml.ws:jaxws-api:2.3.1")
api("com.sun.xml.ws:jaxws-rt:2.3.2")
api("com.sun.xml.bind:jaxb-impl:2.3.3-b02")
api("org.glassfish.pfl:pfl-basic:4.0.1")
api("org.glassfish.pfl:pfl-asm:4.0.1")

JVM args needed to make it work:
jvmArgs = listOf(
        "--add-opens", "java.base/java.lang=ALL-UNNAMED",
        "--add-opens", "java.base/java.io=ALL-UNNAMED",
        "--add-opens", "java.management/javax.management.openmbean=ALL-UNNAMED",
        "--add-opens", "java.management/javax.management=ALL-UNNAMED",
        "--add-opens", "java.base/java.lang.reflect=ALL-UNNAMED",
);

How to reproduce?
see above
@AlexanderSchuetz97 AlexanderSchuetz97 added the Bug For general bugs on Jetty side label Oct 10, 2023
lorban added a commit that referenced this issue Oct 11, 2023
@lorban
#10699 add jax-ws reproducer test
e817b62 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
lorban added a commit that referenced this issue Oct 11, 2023
@lorban
#10699 allow POSTing with a URL not ending with '/' to jax-ws endpoints
170955a 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
@lorban lorban self-assigned this Oct 11, 2023
@lorban lorban added this to the 12.0.x milestone Oct 11, 2023
@lorban lorban moved this to 🏗 In progress in Jetty 12.0.3 Oct 11, 2023
@lorban lorban mentioned this issue Oct 11, 2023
Merged
@lorban lorban linked a pull request Oct 11, 2023 that will close this issue
Allow POSTing with a URL not ending with '/' to jax-ws endpoints #10710
Merged
@lorban
Copy link
Contributor

lorban commented Oct 11, 2023

Thanks for the report, and you are entirely correct; this is a bug that was introduced in Jetty 12.

I've created a pull request that fixes this problem: #10710
If you can, could you please try to build that branch locally and see if it fixes the problem on your side?

Thanks!

lorban added a commit that referenced this issue Oct 12, 2023
@lorban
#10699 configure surefire's JPMS command line to fix test
4ae40d6 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
@joakime joakime moved this to 🏗 In progress in Jetty 12.0.3 - FROZEN Oct 12, 2023
@AlexanderSchuetz97
Copy link
Author

AlexanderSchuetz97 commented Oct 13, 2023
edited
Loading

Hello,

ive taken a look at your pull request and it appears to me you only changed
setAllowNullPathInContext(true);
in HttpSpiContextHandler

Building and integrating your branch would sadly have taken way to much time as the build system i am using for the soap project requires me to have all dependencies available in a external maven repository.
For future issues, do you perhaps have some development "repository" that you could publish such "build" from branches into?
Im also sure that this could be automated by CI.
This would make testing your changes for me and surely a lot of other developers much easier.

To test your changes I have just set a breakpoint before super.setHandler (line 48 in jetty 12.0.2) and ran setAllowNullPathInContext(true); in a debugger evaluation.
This appears to have indeed done the job. The soap client now connects without / at the end.
Thanks for the fix!

Looking forward to jetty 12.0.3.
Since there is a workaround (just append / to URL) its not a showstopper for me until I have to actually ship the software to the customers.

Sincerely
Alexander Schütz

lorban added a commit that referenced this issue Oct 13, 2023
@lorban
#10699 use non-static setup and teardown
68797d9 
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
lorban added a commit that referenced this issue Oct 17, 2023
@lorban
Allow POSTing with a URL not ending with '/' to jax-ws endpoints (#10710
674a1ac 
)

* #10699 allow POSTing with a URL not ending with '/' to jax-ws endpoints

Signed-off-by: Ludovic Orban <lorban@bitronix.be>
@lorban lorban closed this as completed Oct 17, 2023
@github-project-automation github-project-automation bot moved this from 🏗 In progress to ✅ Done in Jetty 12.0.3 - FROZEN Oct 17, 2023
@gregw gregw moved this from 🏗 In progress to ✅ Done in Jetty 12.0.3 Oct 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lorban lorban

Labels
Bug For general bugs on Jetty side
Projects
No open projects
Jetty 12.0.3 - FROZEN
Status: ✅ Done
Milestone
12.0.x
Development

Successfully merging a pull request may close this issue.

Allow POSTing with a URL not ending with '/' to jax-ws endpoints jetty/jetty.project
2 participants
@lorban @AlexanderSchuetz97