Defect #4276

Login failure running 0.8.7 in tomcat with jRuby

Added by Henning Sprang over 9 years ago. Updated over 7 years ago.

Status: Closed
Start date: 2009-11-24
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: Accounts / authentication
Target version: -
Resolution: Cant reproduce
Affected version: 0.8.7

Description

Since Redmine 0.8.7 there is some problem at login (it's impossible) when running in a tomcat servlet container via jruby.

While up to 0.8.6 things work fine just as described here: http://www.redmine.org/wiki/redmine/HowTo_install_Redmine_in_Apache_Tomcat, in 0.8.7 I get the following error in the tomcat logs (for plain tomcat from apache) or in the web browser, after I enter my username and password in the login form:

Also, running jruby script/server starts up a working Redmine system.

Processing AccountController#login (for 0:0:0:0:0:0:0:1 at 2009-11-24 00:34:08) [GET]
  Session ID: e9a49954dcdac7702ddc1edf2d473079
  Parameters: {"controller"=>"account", "action"=>"login"}
Rendering template within layouts/base
Rendering account/login
Completed in 0.22800 (4 reqs/sec) | Rendering: 0.08900 (39%) | DB: 0.00700 (3%) | 200 OK [http://localhost/redmine/login]

Nov 24, 2009 12:34:13 AM org.apache.catalina.core.ApplicationContext log
INFO: 

Processing AccountController#login (for 0:0:0:0:0:0:0:1 at 2009-11-24 00:34:13) [POST]
  Session ID: 83ec5e2a4648a73e765ed577bdd72a83
  Parameters: {"authenticity_token"=>"5f953c05e0fefeefec0cea9c25bd556bd376aed8", "back_url"=>"http%3A%2F%2Flocalhost%3A8080%2Fredmine%2F", "username"=>"henning", "password"=>"[FILTERED]", "login"=>"Login »", "controller"=>"account", "action"=>"login"}

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
    /vendor/rails/actionpack/lib/action_controller/request_forgery_protection.rb:86:in `verify_authenticity_token'
    /vendor/rails/activesupport/lib/active_support/callbacks.rb:173:in `evaluate_method'
    /vendor/rails/activesupport/lib/active_support/callbacks.rb:161:in `call'
    /vendor/rails/actionpack/lib/action_controller/filters.rb:191:in `call'
    /vendor/rails/actionpack/lib/action_controller/filters.rb:591:in `run_before_filters'
    /vendor/rails/actionpack/lib/action_controller/filters.rb:577:in `call_filters'
    /vendor/rails/actionpack/lib/action_controller/filters.rb:572:in `perform_action_with_filters'
    /vendor/rails/actionpack/lib/action_controller/benchmarking.rb:68:in `perform_action_with_benchmark'
    file:/lib/jruby-stdlib-1.4.0.jar!/META-INF/jruby.home/lib/ruby/1.8/benchmark.rb:293:in `measure'
    /vendor/rails/actionpack/lib/action_controller/benchmarking.rb:68:in `perform_action_with_benchmark'
    /vendor/rails/actionpack/lib/action_controller/rescue.rb:201:in `perform_action_with_rescue'
    /vendor/rails/actionpack/lib/action_controller/caching/sql_cache.rb:13:in `perform_action_with_caching'
    /vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/query_cache.rb:33:in `cache'
    /vendor/rails/activerecord/lib/active_record/query_cache.rb:8:in `cache'
    /vendor/rails/actionpack/lib/action_controller/caching/sql_cache.rb:12:in `perform_action_with_caching'
    /vendor/rails/actionpack/lib/action_controller/base.rb:529:in `process'
    /vendor/rails/actionpack/lib/action_controller/filters.rb:568:in `process_with_filters'
    /vendor/rails/actionpack/lib/action_controller/session_management.rb:130:in `process_with_session_management_support'
    /vendor/rails/actionpack/lib/action_controller/base.rb:389:in `process'
    /vendor/rails/actionpack/lib/action_controller/dispatcher.rb:149:in `handle_request'
    /vendor/rails/actionpack/lib/action_controller/dispatcher.rb:107:in `dispatch'
    /vendor/rails/actionpack/lib/action_controller/dispatcher.rb:104:in `dispatch'
    /vendor/rails/actionpack/lib/action_controller/dispatcher.rb:120:in `dispatch_cgi'
    /vendor/rails/actionpack/lib/action_controller/dispatcher.rb:35:in `dispatch'
    file:/lib/jruby-rack-0.9.5.jar!/rack/adapter/rails_cgi.rb:24:in `call'
    file:/lib/jruby-rack-0.9.5.jar!/rack/adapter/rails.rb:35:in `serve_rails'
    file:/lib/jruby-rack-0.9.5.jar!/rack/adapter/rails.rb:40:in `call'
    file:/lib/jruby-rack-0.9.5.jar!/jruby/rack/rails.rb:148:in `call'
    file:/lib/jruby-rack-0.9.5.jar!/rack/handler/servlet.rb:18:in `call'
    :1

Software/dependency versions:

mysql 5.1.37-1ubuntu5
jruby1.2 1.2.0-2ubuntu2 (this is the one used when running the script/server way that works)
tomcat 6.0.18 from apache.org and tomcat 6.0.20 from Ubuntu Karmic.

Gems that are used for producing the war:

jruby-jars (1.4.0) (so this might actually be the jruby used when running the thing in tomcat!)
rake (0.8.7)
warbler (0.9.14)

$ ruby script/about
About your application's environment
Ruby version              1.8.7 (i486-linux)
RubyGems version          1.3.5
Rails version             2.1.2
Active Record version     2.1.2
Action Pack version       2.1.2
Active Resource version   2.1.2
Action Mailer version     2.1.2
Active Support version    2.1.2
Edge Rails revision       43a3183696396f57b23d505f9bfe5e791dba7eaa
Application root          /data/produktion/tmp/rails-tomcat-test/redmine-0.8.7
Environment               development
Database adapter          mysql

History

#1 Updated by Henning Sprang over 9 years ago

BTW, I also tried if I can reproduce the problem with the latest development version from github, but here I have problems with mysql driver gems:

$ ~/.gem/ruby/1.8/bin/warble config
!!! The bundled mysql.rb driver has been removed from Rails 2.2. Please install the mysql gem and try again: gem install mysql.
rake aborted!
no such file to load -- mysql
/usr/lib/ruby/1.8/rubygems/custom_require.rb:31:in `gem_original_require'
(See full trace by running task with --trace)

$ gem install mysql
WARNING:  Installing to ~/.gem since /var/lib/gems/1.8 and
      /var/lib/gems/1.8/bin aren't both writable.
WARNING:  You don't have /home/henning-old/.gem/ruby/1.8/bin in your PATH,
      gem executables will not run.
Building native extensions.  This could take a while...
ERROR:  Error installing mysql:
    ERROR: Failed to build gem native extension.

/usr/bin/ruby1.8 extconf.rb
extconf.rb:10:in `require': no such file to load -- mkmf (LoadError)
    from extconf.rb:10

Gem files will remain installed in /home/henning-old/.gem/ruby/1.8/gems/mysql-2.8.1 for inspection.
Results logged to /home/henning-old/.gem/ruby/1.8/gems/mysql-2.8.1/ext/mysql_api/gem_make.out

I'm not a ruby expert, so I'm stuck here - but I can try again if I get a build of the development trunk that has all dependencies as the normal release downloads...

#2 Updated by Jean-Philippe Lang over 9 years ago

Just tested with JRuby 1.4.0 + mongrel and I can't reproduce.
Login works as expected with 0.8.7 or current trunk.

#3 Updated by Henning Sprang over 9 years ago

Jean-Philippe Lang wrote:

Just tested with JRuby 1.4.0 + mongrel and I can't reproduce.
Login works as expected with 0.8.7 or current trunk.

As I wrote, it's also not happening with Jruby and webrick.

So it seems it's at least tomcat - or maybe .war specific.

I can check and throw the .war into jBoss and see what's happening there to find that out.

#4 Updated by Henning Sprang over 9 years ago

Henning Sprang wrote:

Jean-Philippe Lang wrote:
I can check and throw the .war into jBoss and see what's happening there to find that out.

It doesn't run in JBoss, either - but that is the same for all versions I tested - 0.8.0, 0.8.6, 0.8.7, so this is not the same problem.

#5 Updated by Henning Sprang over 9 years ago

Henning Sprang wrote:

Henning Sprang wrote:

Jean-Philippe Lang wrote:
I can check and throw the .war into jBoss and see what's happening there to find that out.

It doesn't run in JBoss, either - but that is the same for all versions I tested - 0.8.0, 0.8.6, 0.8.7, so this is not the same problem.

Forgot to add: the error message is also a totally different one!

#6 Updated by Henning Sprang over 9 years ago

Another difference appearing since 0.8.7 that might have something to do with this but I forgot to mention:

When first trying to build the war with warble, I got this message:

$ ~/.gem/ruby/1.8/bin/warble 
rake aborted!
/data/produktion/tmp/rails-tomcat-test/redmine-0.8.7/app/controllers/application.rb:29: Missing session secret. Please run 'rake config/initializers/session_store.rb' to generate one
/home/henning-old/.gem/ruby/1.8/gems/warbler-0.9.14/lib/warbler/task.rb:40:in `initialize'
(See full trace by running task with --trace)

Doing as told in the error creates a file "config/initializers/session_store.rb", then warble gets the war built, but it is not working because of the problem in this issue.

#7 Updated by Henning Sprang over 9 years ago

Some further checking, it's definitely the line 31 of application.rb:

protect_from_forgery :secret => session.first[:secret]

that creates the error.
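
As an added illustration (not part of the original ticket, and not Redmine's or Rails' own code): the GET and POST logged in the description carry different Session IDs, and a token bound to the session cannot verify in another one. The Ruby sketch below assumes Rails 2.1 derives the form token as an HMAC-SHA1 of the session id when `:secret` is set; it scans a log excerpt built from the report's lines and flags CSRF failures whose POST arrived in a different session than the form's GET. `token_for`, `parse_requests` and `session_mismatches` are hypothetical helper names.

```ruby
require 'openssl'

# Assumption (simplified model of Rails 2.1 with :secret set): the form token
# is an HMAC-SHA1 over the session id, so it only verifies in that session.
def token_for(secret, session_id)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, session_id)
end

# Constructed excerpt, assembled from the log lines quoted in the report.
SAMPLE_LOG = <<~LOG
  Processing AccountController#login (for 0:0:0:0:0:0:0:1 at 2009-11-24 00:34:08) [GET]
    Session ID: e9a49954dcdac7702ddc1edf2d473079
  Processing AccountController#login (for 0:0:0:0:0:0:0:1 at 2009-11-24 00:34:13) [POST]
    Session ID: 83ec5e2a4648a73e765ed577bdd72a83
  ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
LOG

Request = Struct.new(:action, :client, :verb, :session_id, :csrf_failed)

def parse_requests(log)
  requests = []
  log.each_line do |line|
    case line
    when /^Processing (\S+) \(for (\S+) at [^)]*\) \[(\w+)\]/
      requests << Request.new($1, $2, $3, nil, false)
    when /^\s*Session ID: (\h+)/
      requests.last.session_id = $1 if requests.last
    when /^ActionController::InvalidAuthenticityToken/
      requests.last.csrf_failed = true if requests.last
    end
  end
  requests
end

# Flag CSRF failures where the POST arrived in a different session than the
# GET that rendered the form for the same client and action.
def session_mismatches(requests)
  last_get = {}
  requests.each_with_object([]) do |req, found|
    key = [req.client, req.action]
    if req.verb == 'GET'
      last_get[key] = req
    elsif req.csrf_failed && last_get[key] && last_get[key].session_id != req.session_id
      found << { form_session: last_get[key].session_id, post_session: req.session_id }
    end
  end
end

puts session_mismatches(parse_requests(SAMPLE_LOG)).inspect if __FILE__ == $0
```

A hit means the session cookie did not survive the round trip between rendering the form and submitting it, which points at session handling in the container rather than at the token check itself.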

#8 Updated by Henning Sprang over 9 years ago

Henning Sprang wrote:

Some further checking, it's definitely the line 31 of application.rb:

[...]

that creates the error.

(identified by removing changes between 0.8.6 and 0.8.7 and seeing when the error occurs)

#9 Updated by Jean-Philippe Lang over 9 years ago

Can you try to delete your cookies, then load or refresh the login page in your browser, then log in.

#10 Updated by Henning Sprang over 9 years ago

Jean-Philippe Lang wrote:

Can you try to delete your cookies, then load or refresh the login page in your browser, then log in.

yes, no change - also with different browsers, that never logged in to the app etc.

#11 Updated by Jean-Philippe Lang over 9 years ago

  • Status changed from New to Closed
  • Resolution set to Cant reproduce

I'm sorry but I have to close this ticket since I can't reproduce with a fresh Redmine+JRuby setup.

#12 Updated by Henning Sprang over 9 years ago

  • Status changed from Closed to Reopened

Jean-Philippe Lang wrote:

I'm sorry but I have to close this ticket since I can't reproduce with a fresh Redmine+JRuby setup

As I said (and even the topic says): The error does not occur when running scripts/server with plain JRuby, but when building a .war with warble and deploying it in a Tomcat Servlet container.

I believe very much, if you try it like this, you'll be able to reproduce it.

Also, I see no necessity why this bug must be closed right now.
I already invested quite a bit of time in solving it, and will continue to do so, as I need to run redmine in Tomcat.

I even tracked down the exact line that leads to the error, and I probably will look further into it and give more hints. It must have something to do with session handling.

Maybe, when run in tomcat, tomcat's builtin session handling is before everything, and so the sessions checking inside the redmine app fails. So maybe, session checking must be turned off when running in a servlet container.

Tomcat is a very common way of running Web Applications in java, so if you are interested at all in supporting redmine being run on the java platform with JRuby, this might be one of the most important ways.

#13 Updated by Henning Sprang over 9 years ago

A further hint on that ( I do not understand yet, but will look into):

http://old.nabble.com/InvalidAuthentictyToken-error-td17996793.html

#14 Updated by Jean-Philippe Lang over 9 years ago

I was able to reproduce with 0.8.7 release + Tomcat 6.
It works with current Redmine trunk (which uses Rails 2.3.4) and thus with the upcoming 0.9 release.

#15 Updated by Henning Sprang over 9 years ago

Jean-Philippe Lang wrote:

I was able to reproduce with 0.8.7 release + Tomcat 6.

Thanks a lot for testing!

It works with current Redmine trunk (which uses Rails 2.3.4) and thus with the upcoming 0.9 release.

Sorry, I tried that, too, but didn't succeed as written above.

So, let's close this issue...

#16 Updated by Jean-Philippe Lang over 9 years ago

Henning Sprang wrote:

BTW, I also tried if I can reproduce the problem with the latest development version from github, but here I have problems with mysql driver gems:

I also had this issue the first time I tried to build the war.
Make sure that all your environments in database.yml use the jdbcmysql adapter, not mysql.

#17 Updated by Jean-Philippe Lang over 9 years ago

  • Status changed from Reopened to Closed

#21 Updated by Etienne Massip over 7 years ago

  • Category set to Accounts / authentication
