Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 206260

Summary: HTTP Import: log on dialog not show up for some urls
Product: z_Archived Reporter: Jane Fang <janefang>
Component: TPTPAssignee: Rohit Shetty <rohit.shetty>
Status: CLOSED FIXED QA Contact:
Severity: enhancement    
Priority: P1 CC: apnan, dnastaci, janefang, jkubasta, labadie, paulslau, sluiman, umarkova
Version: unspecifiedKeywords: plan
Target Milestone: ---Flags: apnan: review+
Hardware: PC   
OS: Windows XP   
URL: http://www.eclipse.org/tptp/groups/Architecture/documents/features/hf_206260.html
Whiteboard: closed460
Attachments:
Description Flags
Proposed Patch
none
Updated patch
none
Manual test case
none
Example log to test
none
Updated patch
rohit.shetty: review?
4403 patched org.eclipse.tptp.monitoring.la.core jar
none
4403 patched org.eclipse.tptp.monitoring.logui jar none

Description Jane Fang CLA 2007-10-14 10:42:21 EDT 
Build ID: I20070625-1500

Steps To Reproduce:

1. import a log using HTTP, make sure the log is password protected

log on dialog doesn't show up. the returned http error message is saved and imported as a log, which causes a parser error.

More information:
below is the url that causes this error:
"http://ecurep.mainz.de.ibm.com/aex/erdocs/4/7/47161%2C7TD%2C000/47161.7TD.000.SharedServicesLogs2.zip_unzip/SharedServicesLogs/IBM/WebSphere/Express51/AppServer/logs/server1/SystemErr.log"

More information:
Comment 1 Alex Nan CLA 2007-10-30 23:46:39 EDT 
There are two parts if this problem:
- a trivial one in which "https://" URLs are discarded.
- a non trivial one with the Java authenticator, which is supposed to prompt for user name/password when attempring to opne an input stream which requires authentication, and which doesn't work for the url specified in the defect. 

Apparently the EcuRep web site is password protected but for some reason java authentication doesn't work. In the tests that we usually run in TPTP we use an Apache web server which is password protected and  for which password authentication works. This problem needs furhter investigation.
Is this defect required in the fix pack by the consumer?
Comment 2 Jane Fang CLA 2007-10-31 11:21:09 EDT 
Hi Alex,

Denilson has explained to me what happened. The EcuRep sent back 3XX (Redirect), and the new url, which is an https url, is embedede in the header. So the client code needs to check what HTTP status code is returned after sending a request. If it is 2XX, then starts downloading, if it is 3XX, finds the new url and re-sends a request with the new url, etc.

Eric requests to fix this defect. 

Thanks
Comment 3 Jane Fang CLA 2007-11-01 12:03:37 EDT 
Hi Alex,

Please patch the fix for TPTP 4.4.0.3, because the EcuRep/Archive Explorer folks need it now.

Thanks
Comment 4 Alex Nan CLA 2007-11-01 12:10:55 EDT 
Targetting to 4.4.1.
Comment 5 Alex Nan CLA 2007-11-05 17:56:59 EST 
Rohit, can you please take a look (start with my prelimiary diagnosis), I am swamped up this week with other tasks. We need to get this done in 4.4.1 and also provide a 4403 patch (read patched jar) for our consumer.
Thanks.
Comment 6 Rohit Shetty CLA 2007-11-08 04:44:00 EST 
Created attachment 82417 [details]
Proposed Patch
Comment 7 Rohit Shetty CLA 2007-11-08 04:45:49 EST 
The patch has been tested for HTTP/HTTPS import and website that contains redirects.

Jane,
Can you please verify the patch. Thanks.
Comment 8 Rohit Shetty CLA 2007-11-09 13:05:58 EST 
Created attachment 82555 [details]
Updated patch
Comment 9 Rohit Shetty CLA 2007-11-09 14:30:22 EST 
Created attachment 82560 [details]
Manual test case
Comment 10 Rohit Shetty CLA 2007-11-11 10:15:13 EST 
Created attachment 82621 [details]
Example log to test
Comment 11 Rohit Shetty CLA 2007-11-12 02:05:32 EST 
Created attachment 82640 [details]
Updated patch
Comment 12 Alex Nan CLA 2007-11-12 11:48:38 EST 
Patch reviewed and approved.
Comment 13 Alex Nan CLA 2007-11-26 20:25:41 EST 
Change defect to enhancement as requested by the PMC and add design doc.
Comment 14 Alex Nan CLA 2007-11-27 22:37:15 EST 
Created attachment 83937 [details]
4403 patched org.eclipse.tptp.monitoring.la.core jar

Add 4403 patched org.eclipse.tptp.monitoring.la.core jar
Comment 15 Alex Nan CLA 2007-11-27 22:37:54 EST 
Created attachment 83938 [details]
4403 patched org.eclipse.tptp.monitoring.logui jar

Add 4403 patched org.eclipse.tptp.monitoring.logui jar
Comment 16 Harm Sluiman CLA 2007-11-29 12:12:34 EST 
why does there need to be a limit of 5 in the redirection support. Granted a typical redirect may only go 2-3 redirects but why a limit at all. Workload balancers etc. can greatly vary the the need.
Comment 17 Rohit Shetty CLA 2007-11-29 12:29:13 EST 
Thats the number of redirections generally supported by browsers, this number cannot be infinity since it might make us susceptible to loop attacks. 

And Yes, generally you dont see redirections more than twice or thrice. But then i think we should support what browsers support. BTW, there is no impact on performance or any other aspect since this number is 5.
Comment 18 Alex Nan CLA 2007-11-29 13:23:22 EST 
The nr of redirection retries limit is documented in section 9.3  Redirection 3xx
of rfc1945 http://www.w3.org/Protocols/rfc1945/rfc1945.
Comment 19 Alex Nan CLA 2007-11-29 13:37:59 EST 
The latest rfc on http1.1 doesn't seem to specify this limit anymore http://www.ietf.org/rfc/rfc2616.txt, it just mentions it for content developers to be aware of it but emphasises that infinite loops should be detected.
Comment 20 Paul Slauenwhite CLA 2007-11-29 14:48:44 EST 
AG approved for 4.5 with the following comments:

-Since the limit of 5 redirects is somewhat small, can we increase it  (e.g. 100). 
-Please document the limit of redirects in the product documentation.
-The documentation sizing is somewhat small (2 hours:).

I have added this defect to the 4.5 Plan.
Comment 21 Alex Nan CLA 2007-11-29 22:29:52 EST 
I have updated the design doc. and added more doc. time. I've also pointed to the rfc2616 document. We are limiting the redirection retries to 10, which we believe are more then sufficient.
Comment 22 Rohit Shetty CLA 2007-11-29 23:58:38 EST 
Checked in patch (with redirection retries=10) and test cases.
Comment 23 Harm Sluiman CLA 2007-11-30 11:50:07 EST 
(In reply to comment #19)
> The latest rfc on http1.1 doesn't seem to specify this limit anymore
> http://www.ietf.org/rfc/rfc2616.txt, it just mentions it for content developers
> to be aware of it but emphasises that infinite loops should be detected.
> 

I am not sure I would write code based on 11+ year old speculation. I guess my point is more about why we would need to even code a limit. Perhaps a coding style question, but the limit selected is relatively random. I don't see that a user would expose themselves to an "attack". If it takes too long they can cancel the request. We are not providing a general purpose browser or random navigation tool.
Comment 24 Alex Nan CLA 2007-12-04 22:13:16 EST 
Documentaion updated. Feature completed.
Comment 25 Paul Slauenwhite CLA 2009-06-30 13:19:49 EDT 
As of TPTP 4.6.0, TPTP is in maintenance mode and focusing on improving quality by resolving relevant enhancements/defects and increasing test coverage through test creation, automation, Build Verification Tests (BVTs), and expanded run-time execution. As part of the TPTP Bugzilla housecleaning process (see http://wiki.eclipse.org/Bugzilla_Housecleaning_Processes), this enhancement/defect is verified/closed by the Project Lead since this enhancement/defect has been resolved and unverified for more than 1 year and considered to be fixed. If this enhancement/defect is still unresolved and reproducible in the latest TPTP release (http://www.eclipse.org/tptp/home/downloads/), please re-open.