  1. Single Sign On
  2. MGNLSSO-271

SsoRedirectClient callback should not kick in for APP/global


    • Bug
    • Resolution: Fixed
    • Neutral
    • saas, 3.1.4
    • None
    • None
    • None
    • AdminX 34
    • 0.5
    • Yes

      Steps to reproduce

      The issue is reproducible in both DX-Core and SaaS environments; it might work when you click the "Download asset" action in the Asset app.

      1. Log in to the Admincentral of the subscription
      2. Go to the Asset app and download one of the assets
      3. Copy the link address of the downloaded asset; it will look like this: https://author-izmvc9fam2ugb8r1.beta.de.magnolia-cloud.com/.magnolia/admincentral/APP/global/0/legacy/0/Screenshot+from+2023-04-25+12-54-10.png
      4. Log out of the subscription
      5. Enter the asset download link above into the browser
      6. Go through the login screen normally
      7. The asset cannot be downloaded and an error page is shown instead

      25-Apr-2023 04:15:45.156 SEVERE [http-nio-8080-exec-3] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [default] in context with path [] threw exception
              java.lang.IllegalStateException: Cannot call sendRedirect() after the response has been committed
                      at org.apache.catalina.connector.ResponseFacade.checkCommitted(ResponseFacade.java:530)
                      at org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:371)
                      at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:127)
                      at info.magnolia.cms.security.SecurityCallbackFilter$StatusSniffingResponseWrapper.sendRedirect(SecurityCallbackFilter.java:169)
                      at info.magnolia.cms.security.auth.callback.RedirectClientCallback.handle(RedirectClientCallback.java:104)
                      at info.magnolia.cms.security.SecurityCallbackFilter.selectAndHandleCallback(SecurityCallbackFilter.java:105)
                      at info.magnolia.cms.security.SecurityCallbackFilter.doFilter(SecurityCallbackFilter.java:86)
                      at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                      at info.magnolia.cms.security.LogoutFilter.doFilter(LogoutFilter.java:94)
                      at info.magnolia.sso.SsoLogoutFilter.doFilter(SsoLogoutFilter.java:47)
                      at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                      at info.magnolia.cms.filters.MultiChannelFilter.doFilter(MultiChannelFilter.java:83)
                      at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
                      at info.magnolia.sso.SsoLoginFilter.lambda$doFilter$1(SsoLoginFilter.java:99)
                      at org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:141)
                      at info.magnolia.sso.SsoLoginFilter.doFilter(SsoLoginFilter.java:79)
                      at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:74)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
                      at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:75)
                      at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                      at info.magnolia.cms.filters.UnicodeNormalizationFilter.doFilter(UnicodeNormalizationFilter.java:89)
                      at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
                      at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:155)
                      at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                      at info.magnolia.fastly.filter.FastlySurrogateFilter.doFilter(FastlySurrogateFilter.java:55)
                      at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                      at info.magnolia.config.source.contextual.filter.EnvironmentContextFilter.doFilter(EnvironmentContextFilter.java:76)
                      at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                      at info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:128)
                      at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                      at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:75)
                      at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
                      at info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:107)
                      at info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:67)
                      at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:110)
                      at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:96)
                      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
                      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
                      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167)
                      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
                      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)
                      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
                      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
                      at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:673)
                      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
                      at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:768)
                      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
                      at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:389)
                      at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
                      at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:926)
                      at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1791)
                      at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
                      at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
                      at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
                      at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
                      at java.base/java.lang.Thread.run(Thread.java:829) 

      Proposed solution

      Filter out the request in https://git.magnolia-cms.com/projects/ENTERPRISE/repos/magnolia-sso/browse/magnolia-sso/src/main/java/info/magnolia/sso/pac4j/RedirectHelper.java#18,21

      by adding "APP/global" to the check that it is a Vaadin request.
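
The kind of path check the proposed solution describes, as an added example that is not the project's RedirectHelper code. The class name, method name and every marker other than "APP/global" are assumptions; the path prefix is taken from the URL in the reproduction steps. The check matches whole path segments on the decoded path only, so a query parameter or a look-alike segment cannot make an arbitrary request skip the redirect callback.

```java
import java.net.URI;
import java.util.List;

// Added illustration; not the code of RedirectHelper. Class name, method name and
// the marker list are assumptions, except "APP/global", which the ticket names.
public class VaadinRequestCheck {

    // Path prefix taken from the URL in the reproduction steps.
    private static final String ADMINCENTRAL = "/.magnolia/admincentral/";

    // Assumed Vaadin-internal markers; only "APP/global" comes from the ticket.
    private static final List<String> MARKERS =
            List.of("UIDL", "HEARTBEAT", "PUSH", "APP/global");

    /** True when the request targets a Vaadin-internal endpoint under admincentral. */
    static boolean isVaadinRequest(String requestUrl) {
        // getPath() returns the decoded path and excludes the query string.
        String path = URI.create(requestUrl).getPath();
        if (path == null || !path.startsWith(ADMINCENTRAL)) {
            return false;
        }
        String rest = path.substring(ADMINCENTRAL.length());
        for (String marker : MARKERS) {
            // Match whole leading segments only, so "APP/globalfoo" does not qualify.
            if (rest.equals(marker) || rest.startsWith(marker + "/")) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample URLs; the host is a placeholder.
        String[] samples = {
            "https://author.example.invalid/.magnolia/admincentral/APP/global/0/legacy/0/sample.png",
            "https://author.example.invalid/.magnolia/admincentral/UIDL/?v-uiId=0",
            "https://author.example.invalid/.magnolia/admincentral",
            "https://author.example.invalid/.magnolia/admincentral/?next=APP/global/0",
            "https://author.example.invalid/.magnolia/admincentral/APP/globalfoo/0"
        };
        for (String s : samples) {
            System.out.println(isVaadinRequest(s) + "  " + s);
        }
    }
}
```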

        Acceptance criteria

              efochr Evzen Fochr
              efochr Evzen Fochr
              AdminX