apache shiro url matching with apache tapestry - shiro

So here is my configuration
configuration.add(factory.createChain("/abc/*")
.add(factory.anon()).build());
configuration.add(factory.createChain("/pdf/pdfReport/*")
.add(factory.authc()).build());
configuration.add(factory.createChain("/*").add(factory.authc())
.build());
The problem I am facing is that /abc is in the root path, and if I make it anonymous then Shiro still redirects it to the login page.
I guess /* is overwriting the /abc request and sends every root request for authentication, because if I comment out this code
configuration.add(factory.createChain("/*").add(factory.authc())
.build());
then I can access /abc anonymously. Can anyone please guide me on how I can keep both and still achieve my functionality?

I figured it out. I just need to give
configuration.add(factory.createChain("/abc")
.add(factory.anon()).build());
instead of /* because /* is already authenticated for every URL after / in the chain
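The ordering effect described in this thread, as an added example that is not part of the original posts and is not Shiro or tapestry-security code. It is a simplified model that assumes chains are checked in the order they were added and the first match wins; `matches`, `resolve`, `asked` and `fixed` are hypothetical names.

```javascript
// Simplified model: '*' matches exactly one path segment and a final '**'
// matches any remaining segments. Trailing slashes are ignored here, so this
// is not a substitute for Shiro's own path matcher.
function matches(pattern, path) {
  const pat = pattern.split("/").filter(Boolean);
  const seg = path.split("/").filter(Boolean);
  for (let i = 0; i < pat.length; i++) {
    if (pat[i] === "**") return true;      // swallows the rest of the path
    if (i >= seg.length) return false;     // pattern needs another segment
    if (pat[i] !== "*" && pat[i] !== seg[i]) return false;
  }
  return pat.length === seg.length;        // no unmatched path segments left
}

// The first chain whose pattern matches decides; later chains are not consulted.
function resolve(chains, path) {
  const hit = chains.find(([pattern]) => matches(pattern, path));
  return hit ? hit[1] : "none";
}

// Chain lists from the question and from the accepted fix, in page order.
const asked = [["/abc/*", "anon"], ["/pdf/pdfReport/*", "authc"], ["/*", "authc"]];
const fixed = [["/abc", "anon"], ["/pdf/pdfReport/*", "authc"], ["/*", "authc"]];

// Constructed sample paths for auditing which filter each request receives.
for (const p of ["/abc", "/abc/page", "/pdf/pdfReport/1", "/other"]) {
  console.log(p, "asked:", resolve(asked, p), "fixed:", resolve(fixed, p));
}
```

In this model `/abc/page` resolves to no chain under the fixed list, because `/*` covers only single-segment paths; a catch-all meant to cover deeper paths is normally written `/**`.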

Related

How do I make OKTA redirect a parameterized URL correctly?

TLDR: I have a site protected with Okta SAML authentication, but somehow during my redirect and authentication phase, the redirect, which is a parameter in the URL, gets lost. Looking for advice.
Background:
I have a Linux server with Apache using Mellon to connect to Okta for SAML authentication.
I have a url like this:
https://docs.example.com/current/readme
I have a redirect.php file at the root of example.com that redirects the user to something like
https://docs.example.com/docs/version/Default.php#cshid=readme
That is the generated output URL for context-sensitive help, which in turn redirects the user to something like:
https://docs.example.com/docs/version/content/readme.php
That all works if you are already authenticated with SAML. However, if you aren't already authenticated, you get sent to Okta.
https://success.example.com/login/login.htm?fromURI=%2Fapp%2Fssoexample_docsexamplecom_2%2Fexk4g2c3ofeuJWRSu4x6%2Fsso%2Fsaml%3FSAMLRequest%3DhZJfT8IwFMW%252FytJ3aBljaAMkAyTBqDHgn8QX0pSLNG7t7G0Rv73tFhVf8KnN7Tm553fSEYqqrHnh3V6v4N0DuulSA3Em%252BLmymiTL%252BZhsslk6HE6nxbTH8sHVIOvnLGWzxXSYXxbZBVuQ5pYanRCuzBiaa%252FD8k46eOgNOevxjL2QZB4YlBauce2dq5FTil5KQOweQIud6kpTUW2TUji%252BZa%252Bp7Jsd%252BOvkycxohJjhHK1sRVx6a8PZUVVdKqkcSRbGSmhKH5OdKBEi2n1oRx3gZ1J8lxWX%252BQrsGuxBSXhc3fyCxdynVBWUpdG0NuhWgHVMQCajGJo35dnJeeeInmpH7fe4C2jL%252Bb0J6T9j9kr8Qx4natvZNVLurNCoQgOBKez4mFkQLnA664HQSbvy7yecfAE%253D%26RelayState%3Dhttps%253A%252F%252Fdocs.example.com%252FDocs%252Fcurrent%252FTopNav%252FDefault.php#cshid=readme
So, at the end of that URL, the hash and parameter are retained: #cshid=readme
However, after I successfully log in, somehow the URL loses the #cshid=readme and just redirects me to:
https://docs.example.com/docs/version/Default.php
Any ideas how I can make it retain the hash and the content after the hash? I'm not the person who configured Mellon or Okta, but I'd like to have a solution in mind before I contact them with my issue.
In case someone else comes across a similar issue, there are a couple of possible solutions to these scenarios.
Replacing the # with ?. In this context, https://docs.example.com/docs/version/Default.php?cshid=readme
Encoding the # as %23 (still not likely to work in most cases). https://docs.example.com/docs/version/Default.php%23cshid=readme
It is expected that everything after the # is dropped. Fragment parameters are used only on the client side, and the server will ignore them, which is why Okta is ignoring that portion of the URL.
Using ? instead of # will usually solve most issues.
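The behaviour this answer describes, checked on a URL shaped like the one in the question (an added example, not part of the original posts). The URLs are constructed samples, the SAMLRequest value is a placeholder, and the function names are hypothetical.

```javascript
// Constructed sample shaped like the login URL in the question.
const relay = "https://docs.example.com/Docs/current/TopNav/Default.php";
const samlPath = "/app/example/sso/saml?SAMLRequest=PLACEHOLDER&RelayState=" +
  encodeURIComponent(relay);
const loginUrl = "https://success.example.com/login/login.htm?fromURI=" +
  encodeURIComponent(samlPath) + "#cshid=readme";

// What the browser sends on the request line: path and query, never the fragment.
function requestTarget(url) {
  const u = new URL(url);
  return u.pathname + u.search;
}

// Extract RelayState (the post-login return URL) from the nested fromURI value.
function relayStateOf(url) {
  const fromURI = new URL(url).searchParams.get("fromURI");
  const inner = new URL(fromURI, "https://idp.invalid"); // base used only for parsing
  return inner.searchParams.get("RelayState");
}

// The workaround from the answer: carry the fragment's key=value pairs as
// query parameters so they are part of what the server receives.
function fragmentToQuery(url) {
  const u = new URL(url);
  for (const [k, v] of new URLSearchParams(u.hash.slice(1))) {
    u.searchParams.set(k, v);
  }
  u.hash = "";
  return u.toString();
}

console.log("fragment in address bar:", new URL(loginUrl).hash);
console.log("RelayState:", relayStateOf(loginUrl));
console.log("rewritten link:",
  fragmentToQuery("https://docs.example.com/docs/version/Default.php#cshid=readme"));
```

The fragment exists only in the browser's address bar: it is absent from both the request target and the RelayState value, so nothing on the server side can restore it after login.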

User redirection to the application root path in UI5

From a UI5 application I send a request to the server side via the Fetch API, and on the server side I send a response with a redirect to the UI5 app root directory:
import {constants as httpConstants} from "http2";
res.statusCode = httpConstants.HTTP_STATUS_MOVED_PERMANENTLY;
res.header("Location", "/");
The UI5 application gets the response but the browser doesn't redirect the user. The only way to redirect the user to the app root is:
sap.m.URLHelper.redirect("/", false);
Is there any way to force the browser to redirect the user to the UI5 app root without using sap.m.URLHelper? I want to make it as hard as possible to prevent the redirection, e.g. with the help of the browser's DevTools.
UI5 routing is currently using the # part (called fragment or anchor).
This is the client-side part of the URL and is unknown to the server.
You may have luck with some backend technologies and browsers, but in general this will not work.
As DevTools can manipulate anything anyway… Make sure the backend is secure. The UI can always be changed by the user, no matter what obscure security measures you make up.
You can try using the HashChanger to route it back to the login page!
Once your validation from the server is done, use the code below!
jQuery.sap.require("sap.ui.core.routing.HashChanger");
sap.ui.core.routing.HashChanger.getInstance().replaceHash("");

HAProxy 1.5 URL/URI Redirects to a different domain

I'm looking for a method to redirect visitors from https://site1.co.uk to https://site2.co.uk in HAProxy. I also need to redirect sub-pages (i.e. https://site1.co.uk/page1) to similar pages on site2.co.uk but using specific URLs. I have stuck a sample below of what I'd like to achieve if that helps...
Home redirect:
https://site1.co.uk -> https://site2.co.uk
Sub redirect:
https://site1.co.uk/first-page.html -> https://site2.co.uk/about-us.html
I've been searching for the last day or so for a simple solution to this problem and have been unable to find anything that does the trick.
I'm using HAProxy 1.5 (version required for a specific project) and any help would be much appreciated!
UPDATE
Things I've tried...had to remove HTTPS www.'s due to account limit.
redirect prefix site2.org.uk/subpage2/endresult2.html if { hdr(host) -i site1.org.uk }
redirect prefix site2.org.uk/subpage2/endresult2.html if { hdr(host) -i site1.org.uk/site1page.html }
Line 1: redirects correctly.
Line 2: End result is site2.org.uk/subpage2/endresult2/site1page.html - this is incorrect and should not include the site1page.html page on the end.
End result should be site2.org.uk/subpage2/endresult2 - this is how I would like it to appear.
The server that HAProxy is on also serves multiple sites with different URLs. The above code is also redirecting them yet it shouldn't interact. How can I prevent this from happening?
UPDATE 2
I've noticed that when I enable a redirect, it's affecting my other sites which route through HAProxy and not just the one I'm trying to redirect (i.e. site1)
If you need to redirect your URL, you can check the link below:
How to redirect URL with HAProxy
In HAProxy you should use a configuration like the above.
Although not technically the answer I wanted...I realised that I could redirect using the httpd configuration file instead of HAProxy. In the end that was the easiest option for a newbie like myself. Time will tell if this performs well...

Redirect Jmeter to the home page after successful login

I am trying to create a JMeter test script. For login, I make a POST request to the
https://www..com/authenticate
with valid parameters. On the browser, when I fill the form fields and submit, on successful login it redirects me to the
https://www..com/objects/index
page. But this is failing in JMeter. I get a 301: Moved Permanently in the response. How do I make JMeter redirect post login? I tried adding the second url as a different What am I doing wrong here?
Note: I have tried different combinations of Redirect Automatically and Follow Redirects but nothing helped.
Can't you use another request of type GET to reproduce the scenario, plus a Cookie Manager so the session continues? Something like this:
(First request is a POST - where you post your login data)
(Second one is GET - where you get the index page or the one that follows the login)
You could also check this; there is an explanation of what might be wrong in the code (corrupt redirection chain or something). Check it out.
The issue was not with redirection. The authentication was not going through as I was sending the header in the wrong sequence. Resolved the issue on correcting the order.

Shiro login redirects with fragment identifiers

We are writing a Java-based webapp with Shiro as the authentication framework and came across a redirect issue.
On login redirects the fragment ids get lost:
/workspace#documents/... (fragment id is not submitted, which is normal HTTP behaviour)
/login#documents/... (fragment id is reappended by browser after redirect)
/workspace (Shiro redirects to base url)
Has anyone figured out a simple solution to preserve the fragment identifier across the login redirects?
This question is pretty old, but just in case.
The URL should preserve the hash id if you let Shiro handle the redirects. If you roll your own redirect then that might be the problem.
Here is a sample app that proves hash ids are persisted after the login redirect.
https://github.com/dominicfarr/skybird-shiro
See "Preserve Hash id" in the README.