|
Issue Type:
|
Bug
|
Affects Versions:
|
2.4.0
|
Assignee:
|
Andrea Aime
|
Components:
|
Security
|
Created:
|
07/Oct/13 10:22 AM
|
Description:
|
snippet for GeoServer 2.0 (btw 2.2 is the same):
bart-van-den-eijndens-macbook-pro:gxp bartvde$ curl --data ‘username=admin&password=xxxx’ “http://suite.opengeo.org/geoserver/j_spring_security_check” --verbose
- About to connect() to suite.opengeo.org port 80 (#0)
- Trying 184.154.70.215…
- connected
- Connected to suite.opengeo.org (184.154.70.215) port 80 (#0)
> POST /geoserver/j_spring_security_check HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8y zlib/1.2.5
> Host: suite.opengeo.org
> Accept: /
> Content-Length: 29
> Content-Type: application/x-www-form-urlencoded
>
- upload completely sent off: 29 out of 29 bytes
- HTTP 1.0, assume close after body
< HTTP/1.0 302 Moved Temporarily
< Date: Thu, 03 Oct 2013 21:06:50 GMT
< Server: Apache-Coyote/1.1
< Location: http://suite.opengeo.org/geoserver/web
< Content-Length: 0
< Set-Cookie: JSESSIONID=161D8384AAB1D71F27DD49716A86419E; Path=/geoserver
< Content-Type: text/plain
< X-Cache: MISS from localhost
< X-Cache-Lookup: MISS from localhost:3128
< Via: 1.0 suite.opengeo.org, 1.1 localhost:3128 (squid/2.7.STABLE9)
< Connection: close
<
- Closing connection #0
So basically the 302 response used to have the Set-Cookie header, but not anymore.
GeoServer 2.4, without -L:
bart-van-den-eijndens-macbook-pro:gxp bartvde$ curl --data “username=admin&password=geoserver” “http://localhost:8080/geoserver/j_spring_security_check” --verbose
- About to connect() to localhost port 8080 (#0)
- Trying ::1…
- connected
- Connected to localhost (::1) port 8080 (#0)
> POST /geoserver/j_spring_security_check HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8y zlib/1.2.5
> Host: localhost:8080
> Accept: /
> Content-Length: 33
> Content-Type: application/x-www-form-urlencoded
>
- upload completely sent off: 33 out of 33 bytes
< HTTP/1.1 302 Found
< Location: http://localhost:8080/geoserver/web
< Content-Length: 0
< Server: Jetty(6.1.8)
<
- Connection #0 to host localhost left intact
- Closing connection #0
GeoServer 2.4 with -L :
bart-van-den-eijndens-macbook-pro:gxp bartvde$ curl --data “username=admin&password=geoserver” “http://localhost:8080/geoserver/j_spring_security_check” --verbose -L
- About to connect() to localhost port 8080 (#0)
- Trying ::1…
- connected
- Connected to localhost (::1) port 8080 (#0)
> POST /geoserver/j_spring_security_check HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8y zlib/1.2.5
> Host: localhost:8080
> Accept: /
> Content-Length: 33
> Content-Type: application/x-www-form-urlencoded
>
- upload completely sent off: 33 out of 33 bytes
< HTTP/1.1 302 Found
< Location: http://localhost:8080/geoserver/web
< Content-Length: 0
< Server: Jetty(6.1.8)
<
- Connection #0 to host localhost left intact
- Issue another request to this URL: ‘http://localhost:8080/geoserver/web’
- Violate RFC 2616/10.3.3 and switch from POST to GET
- Re-using existing connection! (#0) with host (nil)
- Connected to (nil) (::1) port 8080 (#0)
> GET /geoserver/web HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8y zlib/1.2.5
> Host: localhost:8080
> Accept: /
>
< HTTP/1.1 302 Found
< Location: http://localhost:8080/geoserver/web/;jsessionid=1wqm9pg9ek33w
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Set-Cookie: JSESSIONID=1wqm9pg9ek33w;Path=/geoserver
< Content-Length: 0
< Server: Jetty(6.1.8)
<
- Connection #0 to host (nil) left intact
- Issue another request to this URL: ‘http://localhost:8080/geoserver/web/;jsessionid=1wqm9pg9ek33w’
- Re-using existing connection! (#0) with host (nil)
- Connected to (nil) (::1) port 8080 (#0)
> GET /geoserver/web/;jsessionid=1wqm9pg9ek33w HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8y zlib/1.2.5
> Host: localhost:8080
> Accept: /
>
< HTTP/1.1 200 OK
< Content-Type: text/html; charset=utf-8
< Content-Language: en-US
< Pragma: no-cache
< Cache-Control: no-cache, max-age=0, must-revalidate, no-store
< Content-Length: 7899
< Server: Jetty(6.1.8)
<
<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN”
“http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>
|
Project:
|
GeoServer
|
Priority:
|
Major
|
Reporter:
|
Bart van den Eijnden
|
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: [http://www.atlassian.com/software/jira](http://www.atlassian.com/software/jira)