Hey guys, I have a problem that I need some more brain power to figure out. I've been kind of winging it to try and find a solution. I've been developing an Ionic 2 App Login system utilizing an external Rest API Database IE: Jira software.
Now, The code works perfect on normal web browser. But when you bring the code and compile it in ionic to mobile app format is the problem. When you issue the http POST response the header gives a bad request. I've figured out exactly why its doing this but the problem for me now is trying to apply a working solution. I was wondering if anyone else maybe able to help.
From my understanding I need to compile and build a maven plugin for tomcat and this plugin should have the above code preferably from Francois Gergaud's. My problem is I'm super new to java so im screwing up basically. If i could get a hand with a working source to compile/build and place on the server would be amazing.
Willing to donate enough for lunch or something to anyone who can get this to solve my problem.
PS: Another way to solve this without fixing the server end would be I guess doing a nodejs proxy relay, but I would like not to manage 2 code sets for this project.
@wendell you do commercial end stuff wondering if you came across this issue with Jira as it uses Tomcat. Long shot I'm sure asking you but hey thought I'd try.
The easiest way is to run a local development server to serve your index.html file. Do you have node installed? If so just install the https://www.npmjs.com/package/http-server and run it in your local folder; it should take you literally 10 minutes (max) to get it running.
If you get any Cross-Origin Resource Sharing (CORS) issues just install Allow-Control-Allow-Origin: * chrome extension.
Running locally isn't the issue, it's when compiled as an apk android app.
Locally is perfectly fine and receives 200 responses. Android apk compiled on the other hand, that's when tomcat rejects the origin because the uri parser for the scheme file://
> Actually, my stupid mistake learning Angular 2. Solved my issue doing it with proper syntax posting.
Actually I was wrong, it works for everything but POST requests.. Still same error 500 on them. Duno why I thought I fixed it. Wishful thinking I guess.
@jak_ub Thanks for your reply! Here's my server info.
Server version: Apache Tomcat/8.5.6
Server built: Oct 6 2016 20:15:31 UTC
Server number: 8.5.6.0
So I shouldn't be having this issue if that's the case, as they say 8.5.5 onwards is supposed to be fixed ya? I've tried setting the cors even with file:// in the origin and even listing http etc, it added the file:// as acceptable origin but still bounced error of URI previously.
Maybe its possible as this is bundled with Jira, they have kept older classes? and this could be causing the issue.. I duno.
Either way, I guess I could try the following.
Upgrade Tomcat thats bundled with Jira
Create a maven plugin that just skips the Origin: File:// in header. (as listed in the above link just cant get the thing to build)
Use a http proxy relay (more code least best option imo.)
OK, my bad. I've missed one major thing from the response you linked. Attlassian/JIRA code is calling the URI class directly so it seems that JIRA its self now has similar issue that tomcat had.
at. 1 - seems that is no option any longer as it is JIRA application that has the isue at. 2 - filter proposed as a solution is best to be included in the WAR application, so far I've seen that it is possible to declare it globally in Tomcat, but every application could override it
To be clear: You call JIRA REST API from the client application and you do not have any backend application at all?
Tomcat has something like Valve - first read about it today ;) - and that is a mechanism that supposed to be working as a global means of filtering.
here is some blog examples:
at. 3. If you have in mind custom application that will be a HTTP proxy relay. I would say that it would be 10 time more time consuming than simple filter/valve within a container. And you will risk constantly running into corner cased that would require change in the relay.
Yeah, I call JIRA directly from Client to server (works fine with web browsers just not compiled with Android webview apk.)
Will reply back in a little bit with some other findings I'm tinkering with atm.
--
I don't mind doing all global means of filtering, Just need this working for time being then I can work patching it later. I'll look at your links you provided. Yeah I don't really want to do opt: 3.
Thanks for your help again.
PS: I was looking into the bundled tomcat/jira plugins and disabled some to test. This is what I found.
500 error goes to 403 when I disabled this: atlassian-healthcheck-3.0.1.jar which is = com.atlassian.healthcheck.core.security.HealthCheckCorsDefaults.allowsOrigin(HealthCheckCorsDefaults.java:23)
this is the code in jira that will return the problem with the URI i am assuming for File:// - Maybe If i can find the source I can modify it.
Oh and btw: yes I'm just testing with http atm but will be doing https soon as I go production. (just lazy atm and dont want to setup letsencrypt.)
By maven plugin you mean to build and compile HttpHeaderNullifierFilter class into jar file, then put it into Tomcat class path and configure tomcat web.xml ?
Pretty much, problem is I'm not good with Java, I got it to compile then it would not build into a jar. Due to issues, I know the lib location where it goes and how to modify it into web.xml. it's just building it really.
If you are on Linux then instll Maven from linux distro repository. If you are on Windows download maven in a zip and extract it in some folder (then you will need to refer to mvn command in that folder , e.g. D:\p.___\apache-maven-3.3.9\bin\mvn instead just mvn).
step 1.
Go to the folder where you want to have maven project created (mvn will create folder in there with the name you will give in -DartifactId )
Maven will be downloading its own dependencies so you will see a screen of logs. Now in "target" folder you will have empty JAR file
step 2.
Now go to the folder /scr/main/java/org/example create file HttpHeaderNullifierFilter.java In that file put the class from Stackoverflow. Add in the beginning of that file:
Go back to the /filter folder where pom.xml is and run mvn clean install again. It will fail since no dependency for imported classed was added in thhe pom.xml. So open pom.xml.
There is allready one dependency there so add after it:
Go back to the /filter folder where pom.xml is and run "mvn clean install" again. Now you have JAR file in target folder with the compiled class. JAR is very small because none of the dependencies is need inside of it. Tomcat runtime environment have servlet-api implementation.
If you would like finalize the code, replace "org.example" your or company domain name. This change should be consistent among groupId, src/main/java subfolder, and a package name in the Java file.
Ah thanks I'll try to complete this when I get in front of the pc, out atm. I have mvn installed already on linux dev box. Had to use it to make a jira plugin, I just wasn't clear on steps as you laid out to create one for tomcat, Thank you so much.
I assume that in the pom it should also be org.example not filter? as it would come out filter-1.0-SNAPSHOT.jar So it should be renamed to org.example.jar right? (obviously renamed with your web address not example.)
Because I also assume that because of your.package.HttpHeaderNullifierFilter ie: your.package = org.example
(testing it now)
Just hoping that the cors thats bundled in jira is done after the tomcat one im applying now otherwise we will still have the same problem.
(Yep as i feared.) com.atlassian.applinks.cors.auth.DefaultCorsService.getApplicationLinksByOrigin(DefaultCorsService.java:50) must come before it. I duno where the filter init prams or w/e is called from as I was posting at the top of the web.xml in WEB-INF so duno what to do now.
But the plugin code compiled and does work as i tested with web browser as it told me that http wasnt accepted as only file:// was.
I assume that in the pom it should also be org.example not filter? as it would come out filter-1.0-SNAPSHOT.jar So it should be renamed to org.example.jar right? (obviously renamed with your web address not example.)
POMs, or more precisely maven artifacts have two part identifier: groupId (domain/company name) artifactId (project name). The produced JAR file is named after artifactId.
(Yep as i feared.) com.atlassian.applinks.cors.auth.DefaultCorsService.getApplicationLinksByOrigin(DefaultCorsService.java:50) must come before it. I duno where the filter init prams or w/e is called from as I was posting at the top of the web.xml in WEB-INF so duno what to do now.
Ok, you get the exception with stacktrace in the response. Do you see there the new class that implements the filter? If not then filter could not have possibility to modify/wrap request.
But the plugin code compiled and does work as i tested with web browser as it told me that http wasnt accepted as only file:// was.
order decides on the filter execution chain not the - just in case you done some thing differently.