Qu Vad

In general, the issue appears only in 'Protected View' mode. It looks like IE and Chrome add something to response in order to notify the Excel that the file comes from the Internet.

Hi,

in my application user is able to download an excel report. When user downloads xls using FF then encoding is fine and umlauts are shown correct. If user does the same in IE and Chrome then umlauts in xls are broken.

Excel report is generated in a servlet using Apache POI v3.10.1 and filled with the same data every time. But the xls files downloaded in FF and IE (or Chrome) are different.

Any idea why?


BTW, I tried to set encoding in response header
response.setHeader("Content-Type", "application/vnd.ms-excel; charset=UTF-8");
but no success.

I got a problem with OpenAM. Need a help.

I installed OpenAM and simply configured it as an IDP - set name and circle of trust. Then I added a remote SP by uploading SP metadata, see below

<?xml version="1.0" encoding="UTF-8"?> <EntitiesDescriptor Name="urn:mace:shibboleth:testshib:two" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" mlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <EntityDescriptor entityID="http://192.168.0.6:8080/employee/"> <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol http://schemas.xmlsoap.org/ws/2003/07/secext"> <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified </NameIDFormat> <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress </NameIDFormat> <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://192.168.0.6:8080/employee/" index="1" isDefault="true" /> </SPSSODescriptor> </EntityDescriptor> </EntitiesDescriptor>
SP and IDP are in the same Circle of Trust.

When I do SAML request for auth from SP to IDP, I get to login page of OpenAM with SAMLRequest=... as URL params. Decoded SAMLRequest is below

<samlp:AuthnRequest AssertionConsumerServiceURL="http://192.168.0.6:8080/employee/" Destination="http://192.168.0.7:8181/openam/" ForceAuthn="false" ID="ID_479ff8a2-8dc5-44b5-997f-0438a2d87417" IsPassive="false" IssueInstant="2015-01-07T13:31:01.067Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0"> <saml:Issuer>http://192.168.0.6:8080/employee/</saml:Issuer> <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /> </samlp:AuthnRequest>
Then i do login and come to user profile page in OpenAM, instead of redirect to SP. Why it happens? What should I configure to enable redirect back to SP?

Update. The list of attributes in error servlet is different in EAP6 and WF8

Attributes in WF8:

javax.servlet.error.message: Unauthorized
javax.servlet.error.status_code: 401
javax.servlet.error.servlet_name: default
javax.servlet.error.request_uri: /boom-portal/client/boom/index.htm

Attributes in EAP6:

javax.servlet.forward.request_uri: /boom-portal/client/boom/index.htm
javax.servlet.forward.context_path: /boom-portal
javax.servlet.forward.servlet_path: /client/boom/index.htm
javax.servlet.forward.path_info: /Error.error
javax.servlet.forward.query_string: i=1
javax.servlet.error.message:
javax.servlet.error.status_code: 401
javax.servlet.error.servlet_name: default
javax.servlet.error.request_uri: /boom-portal/client/boom/index.htm


Any idea why 'forward'-attributes are missing in WF8?

Jaikiran Pai, thanks for hint. According to https://issues.jboss.org/browse/UNDERTOW-322 I replaced modules websockets-jsr, servlet and core of Undertow by the newest version 1.2.0-Beta1. It did not fix the issue.

Chain of calls is the following (assume basic auth):

1. Call with js to url './client/boom/index.htm?i=1'.
2. Flow doesn't come to subclass of UsernamePasswordLoginModule because authorization required.
3. Flow comes to the error-servlet with

httpServletRequest.getAttribute("javax.servlet.error.status_code") == 401
httpServletRequest.getAttribute("javax.servlet.error.message") == Unauthorized

Here, in the error-servlet I need to get parameter i. Error-servlet is mapped in this way:

<servlet-mapping> <servlet-name>error</servlet-name> <url-pattern>*.error</url-pattern> </servlet-mapping> ... <error-page> <error-code>401</error-code> <location>/Error.error</location> </error-page>

Hi

I do migration from Jboss AS7 /EAP6 to Wildfly8 and would like to ask here for any hint about undertow, why it doesn't handle request parameters as catalina does in EAP6.
So, I make a request from client to url './client/boom/index.htm?i=1', it comes to an error servlet where I want to get value of parameter i
httpServletRequest.getParameter("i");
With EAP6 it returns 1, but with Wildfly8 it return null. Why?

Additional info. I have a security domain called 'boom' declared in jboss-web.xml
<jboss-web> <security-domain>boom</security-domain> <disable-audit>true</disable-audit> </jboss-web>
and in standalone.xml
<subsystem xmlns="urn:jboss:domain:security:1.2"> <security-domains> ... <security-domain name="boom" cache-type="default"> <authentication> <login-module code="com.boom.security.BoomLoginModule" flag="required"/> </authentication> </security-domain> </security-domains> </subsystem>

Auth method is declared as basic in web.xml.

Thanks for assistance! Solved by doing JAAS login in MDB.

Jaikiran Pai, thanks for the quick answer!

I receive a username in Message object in MDB. And I would like to call SSB by that user... Is there a way to create a security context for particular user in MDB.onMessage()?

Got problem with JBoss AS7 / EAP6. In MDB, when I lookup for SSB and call its method, the call is always anonymous, i.e. sessionContext.getCallerPrincipal() returns Principal(anonymous). Always... In AS5 everything was fine.

How can I fix it to make a call with an authenticated user?

My MDB:
@MessageDriven(activationConfig = { @ActivationConfigProperty(propertyName = "destinationType", propertyValue = "javax.jms.Queue"), @ActivationConfigProperty(propertyName = "destination", propertyValue = "queue/piQueue"), @ActivationConfigProperty(propertyName = "dLQMaxResent", propertyValue = "3") }) @SecurityDomain("mySecurityDomain") public class PIMessageBean implements MessageListener { ... //subject always anonymous... Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); PIManager pim = lookupPIManager(); pim.getPIs(); //call is anonymous ... }
My queue settings:
<subsystem xmlns="urn:jboss:domain:messaging:1.2"> <hornetq-server> ... <jms-destinations> <jms-queue name="piQueue"> <entry name="queue/piQueue"/> <entry name="java:jboss/exported/jms/queue/piQueue"/> </jms-queue> </jms-destinations> <security-domain>mySecurityDomain</security-domain> </hornetq-server> </subsystem>
My Security Domain:
<security-domain name="mySecurityDomain" cache-type="default"> <authentication> <login-module code="com.qu.vad.CustomUsernamePasswordLoginModule" flag="required"> </login-module> </authentication> </security-domain>