Issue #1284: pkispawn URL redirect issue - dogtagpki

dogtagpki

#1284 pkispawn URL redirect issue

Closed: Fixed None Opened 9 years ago by mharmsen.

At the end of pkispawn, it issues something similar to the following line:

The URL for the subsystem is:
      https://pki.example.com:8443/ca

On previous versions of the product, when one placed this URL into a browser, they were redirected to https://pki.example.com:8443/ca/services.

However, on Fedora 21 using the following packages, I received the following:

HTTP Status 500 - java.lang.NullPointerException

type Exception report

message java.lang.NullPointerException

description The server encountered an internal error that prevented it from fulfilling this request.

exception

org.apache.jasper.JasperException: java.lang.NullPointerException
    org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:549)
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:470)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    sun.reflect.GeneratedMethodAccessor35.invoke(Unknown Source)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    java.lang.reflect.Method.invoke(Method.java:483)
    org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:276)
    org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:273)
    java.security.AccessController.doPrivileged(Native Method)
    javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
    org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:308)
    org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:168)
    java.security.AccessController.doPrivileged(Native Method)
    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    sun.reflect.GeneratedMethodAccessor34.invoke(Unknown Source)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    java.lang.reflect.Method.invoke(Method.java:483)
    org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:276)
    org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:273)
    java.security.AccessController.doPrivileged(Native Method)
    javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
    org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:308)
    org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:248)

root cause

java.lang.NullPointerException
    org.apache.jsp.index_jsp._jspService(index_jsp.java:175)
    org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    sun.reflect.GeneratedMethodAccessor35.invoke(Unknown Source)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    java.lang.reflect.Method.invoke(Method.java:483)
    org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:276)
    org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:273)
    java.security.AccessController.doPrivileged(Native Method)
    javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
    org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:308)
    org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:168)
    java.security.AccessController.doPrivileged(Native Method)
    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    sun.reflect.GeneratedMethodAccessor34.invoke(Unknown Source)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    java.lang.reflect.Method.invoke(Method.java:483)
    org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:276)
    org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:273)
    java.security.AccessController.doPrivileged(Native Method)
    javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
    org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:308)
    org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:248)

The following support packages were being utilized on an x86_64 Fedora 21 machine:

389-ds-base-1.3.3.8-1.fc21.x89_64
java-1.8.0-openjdk-1.8.0.31-b.b13.fc21.x86_64
tomcat-7.0.59-1.fc21.noarch
tomcatjss-7.1.1-1.fc21.noarch
jss-4.2.6-35.fc21.x86_64

PROPOSED SIMPLE FIX:

diff --git a/base/server/python/pki/server/deployment/pkimessages.py b/base/serv
index ecfbe5d..d1dfef2 100644
--- a/base/server/python/pki/server/deployment/pkimessages.py
+++ b/base/server/python/pki/server/deployment/pkimessages.py
@@ -354,7 +354,7 @@ PKI_CHECK_STATUS_MESSAGE = '''
             systemctl status pki-tomcatd@%s.service
 '''
 PKI_ACCESS_URL = "      The URL for the subsystem is: \n"\
-                 "            https://%s:%s/%s"
+                 "            https://%s:%s/%s/services"
 PKI_INSTANCE_RESTART_MESSAGE = \
     "      To restart the subsystem: \n"\
     "            systemctl restart pki-tomcatd@%s.service"

CAVEAT TO SIMPLE FIX: All PKI subsystems require a proper 'services' URL. For example:

Probably a better fix would be to determine why this URL no longer redirects as it did in previous versions of the product.

Proposed Milestone: 10.2.2 (SIMPLE FIX)

mharmsen commented 9 years ago

Update on this bug:

While installing the other subsystems (KRA, OCSP, TKS, and TPS), I discovered that TPS does not have a '/services' interface. Oddly enough, when I went back and tried to load things like "https://pki.example.com:8443/ca" and "https://pki.example.com:8443/kra", they no longer failed with an HTTP 500 error! The redirect worked just like it always did.

mharmsen commented 9 years ago

Per CS/DS meeting of 03/02/2015: 10.2.2 (Simple fix only)

mharmsen commented 9 years ago

Checked into 'master':

84610884fa52ad47599d2e78eaecb339f081b1ee

Metadata Update from @mharmsen:
- Issue assigned to mharmsen
- Issue set to the milestone: 10.2.2

7 years ago

dmoluguw commented 3 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/1846

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata

Assignee

mharmsen

Tags

None

Blocking

None

Depending on

None

Priority

major

Milestone

10.2.2

lowhangingfruit

None

reporter

None

rhbz

None

type

defect

version

None

keywords

None

estimate

None

feature

None

origin

Community

proposedpriority

None

fixedinversion

None

platforms

None

blockedby

None

blocking

None

reviewer

None

component

Installation/Configuration

proposedmilestone

None

dogtagpki

Source Code

#1284 pkispawn URL redirect issue Closed: Fixed None Opened 9 years ago by mharmsen.

Metadata

#1284 pkispawn URL redirect issue

Closed: Fixed None Opened 9 years ago by mharmsen.