  1. Pentaho BA Platform
  2. BISERVER-12736

Login page incorrectly redirects to original request URL

    Details

    • Type: Bug
    • Status: Closed
    • Severity: Unknown
    • Resolution: Not a Bug
    • Affects Version/s: 5.1.0 GA
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Story Points:
      0

      Description

      I have configured my BA server installation behind an Apache server acting as SSL termination endpoint and reverse proxy on our internal domain colmer.ob1.de. Apache proxies all incoming requests to the regular pentaho tomcat at localhost:8080.

      In general this works fine. Logging in/out and viewing content all works as expected.

      The problem surfaces when I am logged out and enter a deep URL to pentaho content. For example: *https://colmer.ob1.de/pentaho/api/repos/%3Apublic%3Ahidrive%3Atest.xanalyzer/viewer*

      This will first redirect me to the login page, as expected, and after a successful login, the login page tries to forward to the original URL.

      This behaviour is broken. The pentaho server redirects to the full URL as requested by the proxy, i.e. *http://localhost:8080/pentaho/api/repos/%3Apublic%3Ahidrive%3Atest.xanalyzer/viewer*, and does a JavaScript redirect to the full URL on the client.

      It should instead use one of the following methods to redirect correctly:

      • respect proxy headers and forward to the original URL determined by the appropriate HTTP headers "X-Forwarded-For", "X-Forwarded-Host" and "X-Forwarded-Proto", as described by https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
      • forward only relative to the pentaho webapp context i.e. forward to '/pentaho/api/repos/%3Apublic%3Ahidrive%3Atest.xanalyzer/viewer', which would also work in the browser
      • actually use the fully-qualified-server-url parameter from the webapp config, which it does not do for login page redirection

      The error is in biserver-ee/tomcat/webapps/pentaho/jsp/PUCLogin.jsp where requestedURL is set to ((SavedRequest) reqObj).getFullRequestUrl() which contains the http://localhost:8080 prefix, and is subsequently used for client side javascript redirection (js var returnLocation).

      As a result, we cannot build a BI solution that opens anything but /Home.

      Thanks
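
The second option listed in the description (redirect only relative to the webapp context) can be sketched as a small validation step on the saved URL before the client-side redirect. This is an added example, not code from Pentaho or from the reporter; the function name `toContextRelative`, the context path `/pentaho` and the fallback `/pentaho/Home` are assumptions made for illustration.

```javascript
// Added example (not Pentaho code). CONTEXT and FALLBACK are assumed values.
const CONTEXT = '/pentaho';
const FALLBACK = CONTEXT + '/Home';

// Reduce a saved request URL to a path inside the webapp context, dropping
// whatever scheme/host/port the backend saw (e.g. http://localhost:8080).
function toContextRelative(savedUrl, context = CONTEXT, fallback = FALLBACK) {
  if (typeof savedUrl !== 'string' || savedUrl === '') return fallback;
  // Backslashes and control characters are normalised differently by
  // browsers and servers; refuse them rather than guess.
  if (/[\\\u0000-\u001f\u007f]/.test(savedUrl)) return fallback;

  let parsed;
  try {
    // The base is a placeholder, only used to resolve relative input.
    parsed = new URL(savedUrl, 'http://placeholder.invalid');
  } catch (e) {
    return fallback;
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return fallback;

  // pathname is dot-segment normalised by the URL parser, so
  // "/pentaho/../admin" arrives here as "/admin" and fails the prefix check.
  const path = parsed.pathname;
  if (path !== context && !path.startsWith(context + '/')) return fallback;

  // The host is discarded on purpose: the result always starts with the
  // context path, so the browser resolves it against the origin the user
  // actually used (the proxy's), never against the backend's address.
  return path + parsed.search + parsed.hash;
}

// Constructed sample input: the backend-side URL quoted in the report.
console.log(toContextRelative(
  'http://localhost:8080/pentaho/api/repos/%3Apublic%3Ahidrive%3Atest.xanalyzer/viewer'));
```

Because the returned value never carries a scheme or host, a saved URL pointing at another host cannot send the browser off-site after login.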

            People

            Assignee:
            Unassigned
            Reporter:
            Slawo Slawomir Chodnicki
            Votes:
            0
            Watchers:
            1
