Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-11863

CORSFilter position in web.xml should come before most filters

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 5.5.1, 6.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.0.0.4, 6.0.0.5, 6.0.0.6, 6.5.0
    • Fix Version/s: 6.5.1, 6.0.1, 7.0.0, 5.5.2
    • Component/s: authentication, rest
    • Labels:
    • Needs backport:
      Yes
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Bug description

      When OpenAM CORS is enabled by following uncommenting provided blocks in web.xml the placement of the CORSFilter filter-mapping is last.  This will help to avoid obsure issue when CORS gives 302.

       

      How to reproduce the issue

      Details steps outlining how to recreate the issue (remove this text)

      1. Setup CORS like OPENAM-5984
      2. Say the CORSFilter is
              <filter-mapping>
                <filter-name>CORSFilter</filter-name>
                <url-pattern>/*</url-pattern>
            </filter-mapping>
      3. Now if you access CORS for /UI/Login it return 302 and causes CORS error due to preflight cannot return 302 (to /XUI/#login)
      Expected behaviour
      The template web.xml should have the CORSFiler before the XUIFilter. (OPTIONS call preflight should always return 200 or other but not 302
      
      Current behaviour
      302 return on some URL like /UI/Login for CORSFilter

      Work around

      Reorder the CORSFilter to come before XUIFilter

       

        Attachments

          Activity

            People

            • Assignee:
              chee-weng.chea C-Weng C
              Reporter:
              chee-weng.chea C-Weng C
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: