-
Bug
-
Resolution: Fixed
-
Neutral
-
None
-
None
-
None
-
AdminX 34
-
0.5
-
Yes
Steps to reproduce
The issue is reproducible on both DX-Core and SaaS environments; it might work when you click the "Download asset" action in the Asset app.
- Log in to the AdminCentral of the subscription
- Go to the Asset app and download one of the assets
- Copy the link address of the downloaded asset; it will look like this: https://author-izmvc9fam2ugb8r1.beta.de.magnolia-cloud.com/.magnolia/admincentral/APP/global/0/legacy/0/Screenshot+from+2023-04-25+12-54-10.png
- Log out from the subscription
- Enter the asset download link above in the browser
- Go through the login screen normally
- The asset cannot be downloaded and an error page is shown instead
25-Apr-2023 04:15:45.156 SEVERE [http-nio-8080-exec-3] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [default] in context with path [] threw exception
java.lang.IllegalStateException: Cannot call sendRedirect() after the response has been committed
    at org.apache.catalina.connector.ResponseFacade.checkCommitted(ResponseFacade.java:530)
    at org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:371)
    at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:127)
    at info.magnolia.cms.security.SecurityCallbackFilter$StatusSniffingResponseWrapper.sendRedirect(SecurityCallbackFilter.java:169)
    at info.magnolia.cms.security.auth.callback.RedirectClientCallback.handle(RedirectClientCallback.java:104)
    at info.magnolia.cms.security.SecurityCallbackFilter.selectAndHandleCallback(SecurityCallbackFilter.java:105)
    at info.magnolia.cms.security.SecurityCallbackFilter.doFilter(SecurityCallbackFilter.java:86)
    at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
    at info.magnolia.cms.security.LogoutFilter.doFilter(LogoutFilter.java:94)
    at info.magnolia.sso.SsoLogoutFilter.doFilter(SsoLogoutFilter.java:47)
    at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
    at info.magnolia.cms.filters.MultiChannelFilter.doFilter(MultiChannelFilter.java:83)
    at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
    at info.magnolia.sso.SsoLoginFilter.lambda$doFilter$1(SsoLoginFilter.java:99)
    at org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:141)
    at info.magnolia.sso.SsoLoginFilter.doFilter(SsoLoginFilter.java:79)
    at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:74)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
    at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:75)
    at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
    at info.magnolia.cms.filters.UnicodeNormalizationFilter.doFilter(UnicodeNormalizationFilter.java:89)
    at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
    at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:155)
    at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
    at info.magnolia.fastly.filter.FastlySurrogateFilter.doFilter(FastlySurrogateFilter.java:55)
    at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
    at info.magnolia.config.source.contextual.filter.EnvironmentContextFilter.doFilter(EnvironmentContextFilter.java:76)
    at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
    at info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:128)
    at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
    at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
    at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:75)
    at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
    at info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:107)
    at info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:67)
    at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:110)
    at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:96)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:673)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
    at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:768)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:389)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:926)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1791)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.base/java.lang.Thread.run(Thread.java:829)
Proposed solution
Filter out the request in https://git.magnolia-cms.com/projects/ENTERPRISE/repos/magnolia-sso/browse/magnolia-sso/src/main/java/info/magnolia/sso/pac4j/RedirectHelper.java#18,21 by adding "APP/global" to the check that determines whether it is a Vaadin request.
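A sketch of what such a check can look like, as an added example that is not the magnolia-sso `RedirectHelper` code: it decides whether the URL requested before login may be reused as the post-login redirect target. The class and method names, the markers other than "APP/global", the fallback path and the reading of "filter out" as "do not replay after login" are assumptions.

```java
import java.net.URI;
import java.util.List;

/** Hypothetical helper; names and behaviour are illustrative only. */
public final class PostLoginTargetFilter {

    // Path fragments treated as Vaadin-internal. "/APP/global/" is the marker
    // named in the proposed solution; the others are assumed from Vaadin's
    // request path names (UIDL, HEARTBEAT, PUSH).
    private static final List<String> VAADIN_MARKERS =
            List.of("/UIDL/", "/HEARTBEAT/", "/PUSH", "/APP/global/");

    // Assumed fallback: the AdminCentral entry point seen in the reported URL.
    private static final String FALLBACK = "/.magnolia/admincentral";

    static boolean isVaadinRequest(String path) {
        return VAADIN_MARKERS.stream().anyMatch(path::contains);
    }

    /** Path to redirect to after login, given the URL requested before login. */
    static String postLoginTarget(String requestedUrl) {
        String path;
        try {
            // normalize() collapses "." and ".." segments before matching.
            path = URI.create(requestedUrl).normalize().getPath();
        } catch (IllegalArgumentException e) {
            return FALLBACK; // unparsable URL is never replayed
        }
        if (path == null || path.isEmpty() || isVaadinRequest(path)) {
            return FALLBACK; // framework-internal request: send the user to the UI root
        }
        return path; // simplification: query string and fragment are dropped
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the host is a placeholder.
        String[] samples = {
            "https://author.example.invalid/.magnolia/admincentral/APP/global/0/legacy/0/file.png",
            "https://author.example.invalid/.magnolia/admincentral/UIDL/?v-uiId=0",
            "https://author.example.invalid/.magnolia/pages/about.html",
        };
        for (String s : samples) {
            System.out.println(s + " -> " + postLoginTarget(s));
        }
    }
}
```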
Acceptance criteria
1. Implementation | Completed | Evzen Fochr
2. Review | Closed | Nguyen Phung Chi
3. PiQA | Closed | Nguyen Phung Chi
4. Final QA | Completed | Nguyen Phung Chi