Code
wro4j - issue #872
ResourceProxyRequestHandler throwing UnauthorizedRequestException when resource uri contains question mark and pound
Using version 1.7.5 similar to issue 826 with some slight differences.
My authorizedResources looks like
[classpath:META-INF/resources/js/respond.min.js, classpath:META-INF/resources/js/html5shiv.js, classpath:META-INF/resources/fonts/fontawesome-webfont.eot?v=4.0.3, classpath:META-INF/resources/fonts/glyphicons-halflings-regular.eot, classpath:META-INF/resources/fonts/glyphicons-halflings-regular.eot?#iefix, classpath:srj-jquery/jquery-1.11.0.min.js, classpath:META-INF/resources/fonts/fontawesome-webfont.eot?#iefix&v=4.0.3, classpath:META-INF/resources/img/kroger-logo.png, classpath:META-INF/resources/js/bootstrap.min.js, classpath:META-INF/resources/img/kroger-logo.gif, classpath:META-INF/resources/fonts/glyphicons-halflings-regular.ttf, classpath:META-INF/resources/fonts/fontawesome-webfont.ttf?v=4.0.3, classpath:META-INF/resources/fonts/glyphicons-halflings-regular.woff, classpath:META-INF/resources/fonts/fontawesome-webfont.svg?v=4.0.3#fontawesomeregular, classpath:META-INF/resources/fonts/glyphicons-halflings-regular.svg#glyphicons_halflingsregular, classpath:META-INF/resources/fonts/fontawesome-webfont.woff?v=4.0.3, classpath:META-INF/resources/css/kroger-bootstrap-styles.css]
request coming in is looking for classpath:META-INF/resources/fonts/glyphicons-halflings-regular.eot? because of issue 826 it removed #iefix to match in the authorizedResources
2014-04-29 13:47:51,126 DEBUG [ro.isdc.wro.http.handler.ResourceProxyRequestHandler] - <[FAIL] Unauthorized proxy resource: classpath:META-INF/resources/fonts/glyphicons-halflings-regular.eot?> 2014-04-29 13:47:51,126 DEBUG [ro.isdc.wro.WroRuntimeException] - <Unauthorized resource request detected: classpath:META-INF/resources/fonts/glyphicons-halflings-regular.eot?> 2014-04-29 13:47:51,130 DEBUG [ro.isdc.wro.http.WroFilter] - <Exception occured> ro.isdc.wro.http.support.UnauthorizedRequestException: Unauthorized resource request detected: classpath:META-INF/resources/fonts/glyphicons-halflings-regular.eot? at ro.isdc.wro.http.handler.ResourceProxyRequestHandler.verifyAccess(ResourceProxyRequestHandler.java:128) ~[wro4j-core-1.7.5.jar:1.7.5] at ro.isdc.wro.http.handler.ResourceProxyRequestHandler.handle(ResourceProxyRequestHandler.java:69) ~[wro4j-core-1.7.5.jar:1.7.5] at ro.isdc.wro.http.handler.LazyRequestHandlerDecorator.handle(LazyRequestHandlerDecorator.java:46) ~[wro4j-core-1.7.5.jar:1.7.5] at ro.isdc.wro.http.WroFilter.handledWithRequestHandler(WroFilter.java:328) ~[wro4j-core-1.7.5.jar:1.7.5] at ro.isdc.wro.http.WroFilter.doFilter(WroFilter.java:289) ~[wro4j-core-1.7.5.jar:1.7.5] at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344) [spring-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261) [spring-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) [catalina.jar:7.0.42.A] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) [catalina.jar:7.0.42.A] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.authentication.switchuser.SwitchUserFilter.doFilter(SwitchUserFilter.java:181) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at com.kroger.commons.security.siteminder.SiteMinderAuthenticationProcessingFilter$RedirectDetectFilterChain.doFilter(SiteMinderAuthenticationProcessingFilter.java:155) [kroger-security-3.0.0.jar:na] at org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doFilter(AbstractPreAuthenticatedProcessingFilter.java:94) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at com.kroger.commons.security.siteminder.SiteMinderAuthenticationProcessingFilter.doFilter(SiteMinderAuthenticationProcessingFilter.java:126) [kroger-security-3.0.0.jar:na] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter.doFilter(AbstractPreAuthenticatedProcessingFilter.java:94) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:85) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:108) [spring-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:108) [spring-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) [spring-security-web-3.2.1.RELEASE.jar:3.2.1.RELEASE] at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344) [spring-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261) [spring-web-4.0.2.RELEASE.jar:4.0.2.RELEASE] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) [catalina.jar:7.0.42.A] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) [catalina.jar:7.0.42.A] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222) [catalina.jar:7.0.42.A] at org.apache.catalina.core.StandardContextValve.__invoke(StandardContextValve.java:123) [catalina.jar:7.0.42.A] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java) [catalina.jar:7.0.42.A] at org.apache.tomee.catalina.OpenEJBValve.invoke(OpenEJBValve.java:45) [tomee-catalina-1.6.0.jar:1.6.0] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) [catalina.jar:7.0.42.A] at org.apache.catalina.core.StandardHostValve.__invoke(StandardHostValve.java:171) [catalina.jar:7.0.42.A] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java) [catalina.jar:7.0.42.A] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99) [catalina.jar:7.0.42.A] at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953) [catalina.jar:7.0.42.A] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) [catalina.jar:7.0.42.A] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) [catalina.jar:7.0.42.A] at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023) [tomcat-coyote.jar:7.0.42.A] at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589) [tomcat-coyote.jar:7.0.42.A] at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312) [tomcat-coyote.jar:7.0.42.A] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_51] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_51] at java.lang.Thread.run(Thread.java:744) [na:1.7.0_51]
Comment #1
Posted on Apr 29, 2014 by Massive Monkey(No comment was entered for this change.)
Comment #2
Posted on May 28, 2014 by Massive MonkeyFixed in branch 1.7.x
Comment #3
Posted on Jun 18, 2014 by Massive Monkey(No comment was entered for this change.)
Status: Fixed
Labels:
Type-Defect
Priority-Medium
Milestone-Release-1.7.6