  1. Single Sign On
  2. MGNLSSO-271

SsoRedirectClient callback should not kick in for APP/global


Details

    • Bug
    • Resolution: Fixed
    • Neutral
    • saas, 3.1.4

    Description

      Steps to reproduce

      The issue is reproducible on both DX-Core and SaaS environments; it might work when clicking the "Download asset" action in the Asset app.

      1. Log in to the Admincentral of the subscription
      2. Go to the Asset app and download one of the assets
      3. Copy the link address of the downloaded asset; it will look like this: https://author-izmvc9fam2ugb8r1.beta.de.magnolia-cloud.com/.magnolia/admincentral/APP/global/0/legacy/0/Screenshot+from+2023-04-25+12-54-10.png
      4. Log out from the subscription
      5. Enter the asset download link above into the browser
      6. Go through the login screen normally
      7. The asset can't be downloaded and an error page is shown instead

      25-Apr-2023 04:15:45.156 SEVERE [http-nio-8080-exec-3] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [default] in context with path [] threw exception
              java.lang.IllegalStateException: Cannot call sendRedirect() after the response has been committed
                      at org.apache.catalina.connector.ResponseFacade.checkCommitted(ResponseFacade.java:530)
                      at org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:371)
                      at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:127)
                      at info.magnolia.cms.security.SecurityCallbackFilter$StatusSniffingResponseWrapper.sendRedirect(SecurityCallbackFilter.java:169)
                      at info.magnolia.cms.security.auth.callback.RedirectClientCallback.handle(RedirectClientCallback.java:104)
                      at info.magnolia.cms.security.SecurityCallbackFilter.selectAndHandleCallback(SecurityCallbackFilter.java:105)
                      at info.magnolia.cms.security.SecurityCallbackFilter.doFilter(SecurityCallbackFilter.java:86)
                      at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                      at info.magnolia.cms.security.LogoutFilter.doFilter(LogoutFilter.java:94)
                      at info.magnolia.sso.SsoLogoutFilter.doFilter(SsoLogoutFilter.java:47)
                      at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                      at info.magnolia.cms.filters.MultiChannelFilter.doFilter(MultiChannelFilter.java:83)
                      at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
                      at info.magnolia.sso.SsoLoginFilter.lambda$doFilter$1(SsoLoginFilter.java:99)
                      at org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:141)
                      at info.magnolia.sso.SsoLoginFilter.doFilter(SsoLoginFilter.java:79)
                      at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:74)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
                      at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:75)
                      at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                      at info.magnolia.cms.filters.UnicodeNormalizationFilter.doFilter(UnicodeNormalizationFilter.java:89)
                      at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81)
                      at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:155)
                      at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                      at info.magnolia.fastly.filter.FastlySurrogateFilter.doFilter(FastlySurrogateFilter.java:55)
                      at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                      at info.magnolia.config.source.contextual.filter.EnvironmentContextFilter.doFilter(EnvironmentContextFilter.java:76)
                      at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                      at info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:128)
                      at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
                      at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79)
                      at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:75)
                      at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85)
                      at info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:107)
                      at info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:67)
                      at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:110)
                      at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:96)
                      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
                      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
                      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167)
                      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
                      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)
                      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
                      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
                      at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:673)
                      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
                      at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:768)
                      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
                      at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:389)
                      at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
                      at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:926)
                      at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1791)
                      at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
                      at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
                      at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
                      at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
                      at java.base/java.lang.Thread.run(Thread.java:829) 

      Proposed solution

      Filter out the request in https://git.magnolia-cms.com/projects/ENTERPRISE/repos/magnolia-sso/browse/magnolia-sso/src/main/java/info/magnolia/sso/pac4j/RedirectHelper.java#18,21 by adding "APP/global" to the check that it is a Vaadin request.
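A sketch of the kind of path check the proposed solution describes, added here as an illustration; it is not the code of magnolia-sso's `RedirectHelper`, whose contents are not shown on this page. The class and method names, the servlet prefix constant and every marker other than "APP/global" are assumptions, and the sample URLs are constructed on a placeholder host.

```java
import java.net.URI;
import java.util.List;

// Added illustration; class and method names are hypothetical.
public class VaadinRequestCheck {

    // Path fragments treated as Vaadin framework traffic. "APP/global" is the
    // addition proposed in this issue; the other entries are assumed for the sketch.
    private static final List<String> VAADIN_MARKERS =
            List.of("/UIDL", "/HEARTBEAT", "/PUSH", "/VAADIN/", "/APP/global/");

    // Assumed servlet prefix, taken from the URL in the steps to reproduce.
    private static final String ADMINCENTRAL = "/.magnolia/admincentral";

    /** True when the path is a Vaadin framework or resource request rather than a page. */
    static boolean isVaadinRequest(String path) {
        if (path == null || !path.startsWith(ADMINCENTRAL)) {
            return false;
        }
        String rest = path.substring(ADMINCENTRAL.length());
        return VAADIN_MARKERS.stream().anyMatch(rest::startsWith);
    }

    /** The redirect callback is meant for page requests only, so Vaadin requests are filtered out. */
    static boolean redirectCallbackApplies(String requestedUrl) {
        // normalize() collapses "." and ".." segments before the prefix comparison.
        String path = URI.create(requestedUrl).normalize().getPath();
        return !isVaadinRequest(path);
    }

    public static void main(String[] args) {
        // Constructed sample URLs; the last one has the shape of the asset link in step 3.
        String[] samples = {
            "https://author.example.com/.magnolia/admincentral",
            "https://author.example.com/.magnolia/admincentral/UIDL/?v-uiId=0",
            "https://author.example.com/.magnolia/admincentral/APP/global/0/legacy/0/sample.png",
        };
        for (String url : samples) {
            System.out.printf("%-5b %s%n", redirectCallbackApplies(url), url);
        }
    }
}
```

Matching on the path remainder after the servlet prefix keeps a page whose name merely contains "APP/global" elsewhere in the URL from being excluded by accident.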


            People

              efochr Evzen Fochr
              efochr Evzen Fochr
              AdminX