| Summary: | IllegalStateException: calling HttpServletResponse#sendRedirect() with RemoteIpFilter | | |
|---|---|---|---|
| Product: | Tomcat 8 | Reporter: | Cristian Klein <cristiklein> |
| Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | | |
| Priority: | P2 | | |
| Version: | 8.0.x-trunk | | |
| Target Milestone: | ---- | | |
| Hardware: | PC | | |
| OS: | Linux | | |
| Attachments: | stacktrace of error | | |

Description
Cristian Klein
2015-11-26 11:52:10 UTC
Forgot to mention, this bug is not triggered with Eclipse's servlet engine (I think Jetty), but only occurs when the servlet is deployed on Tomcat.

Using relative redirects (see bug 56917) should make this fixable.

Thanks for the report. This has been fixed in 9.0.x (for 9.0.0.M2), 8.0.x (for 8.0.30) and 7.0.x (for 7.0.67). 6.0.x was not affected.

Thanks for the fix. I'm not sure I understand how the fix helps. What line or what mechanism rewrites the scheme from `http` to `https`?

The scheme isn't re-written. If you redirect using an absolute URI with a specific scheme then that is what you get. If you want the scheme to be "rewritten"/correct then use a relative redirect.

Are you sure this works? The "Location" header eventually has to contain the absolute URL. [1] If this is left to the "non-RemoteIpFilter" code, wouldn't the scheme be filled incorrectly?

[1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

RFC2616 is obsolete. See RFC7231.

Is there a reason why one uses RemoteIpFilter? There exists a RemoteIpValve that can be used instead.

1. There are redirects that are performed before a request reaches the filter. E.g. when using a FORM authentication (FormAuthenticator). It cannot be solved by using a filter. One has to use RemoteIpValve here.

2. There is an edge case. It is allowed to call sendRedirect() with an absolute URL. With simple implementation (using relative redirects) it won't be rewritten. You have to bear with it (such calls are unlikely) or duplicate a lot of code from o.a.c.connector.Response.sendRedirect() to implement this feature.

I'm confused. I thought `RemoteIpValve` was deprecated in favour of `RemoteIpFilter`. Otherwise, I feel they both serve the same purpose.
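
The relative-versus-absolute point discussed in the thread can be checked with plain URI resolution. This is an added example, not code from the thread or from Tomcat; the class, its method names, the host `shop.example.test` and the backend address `10.0.0.5:8080` are constructed for illustration, and it assumes a proxy that terminates TLS and forwards plain HTTP to the backend.

```java
import java.net.URI;

// Added illustration; hostnames, addresses and paths are constructed samples.
public class RedirectSchemeDemo {

    // What the client requests next: RFC 7231 section 7.1.2 resolves the
    // Location value against the URI the client originally requested.
    static URI clientFollows(URI clientRequest, String locationHeader) {
        return clientRequest.resolve(locationHeader);
    }

    // Absolute Location built on the backend from the scheme, host and port
    // the backend itself sees (plain http behind a TLS-terminating proxy).
    static String absolutizeOnBackend(URI backendRequest, String target) {
        return backendRequest.resolve(target).toString();
    }

    // True when following the redirect moves the client from https to http.
    static boolean downgradesScheme(URI clientRequest, URI next) {
        return "https".equalsIgnoreCase(clientRequest.getScheme())
                && "http".equalsIgnoreCase(next.getScheme());
    }

    public static void main(String[] args) {
        URI client = URI.create("https://shop.example.test/app/login");
        URI backend = URI.create("http://10.0.0.5:8080/app/login");

        // Two relative targets, then the edge case from the thread: the
        // application itself passes an absolute URL with a fixed scheme.
        String[] targets = {
            "/app/home", "welcome", "http://shop.example.test/app/home"
        };

        for (String target : targets) {
            URI sentAsIs = clientFollows(client, target);
            URI absolutized =
                clientFollows(client, absolutizeOnBackend(backend, target));
            System.out.println("target: " + target);
            System.out.println("  Location sent as-is     -> " + sentAsIs
                + "  downgrade=" + downgradesScheme(client, sentAsIs));
            System.out.println("  Location made absolute  -> " + absolutized
                + "  downgrade=" + downgradesScheme(client, absolutized));
        }
    }
}
```

For the two relative targets the as-is Location keeps the client on the `https` origin, while the third target stays `http` either way, which is the case the thread says a relative-redirect approach does not rewrite.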