We are moving a Grails 4 application from Oracle to Postgres, and from one server to another. We can run our application without issues locally (using run-app
), so we don't think the Oracle -> Postgres transition is responsible for the issue we are seeing; we believe it's because of the switch from one environment to another.
We are seeing an issue where a request to "/OurApp/loginStatus/" that we would like to be handled by the Grails defaultAction. We would really like this URL to be mapped to "OurApp/loginStatus/index" which it does in other environments.
Here is a pared-down LoginStatusController:
class LoginStatusController {
def index() {
render([success: true] as JSON)
}
}
Tomcat Logging
We turned on the RequestDumperFilter
and this is where you see a difference between the URL and application path:
requestURI=/OurApp/loginStatus/
servletPath=/loginStatus/index.jsp
Application Logging
Adding additional spring-security logging gives us this:
Request received for '/loginStatus/index.jsp':
servletPath:/loginStatus/index.jsp
Configuration
I've gone over the server.xml
, web.xml
, and context.xml
and I don't see anything that would explain why our new environment treats these requests differently.
We can't tell if Tomcat or Grails is at fault for the problem, or even how to debug further. The new server is only accessibly through a remote Windows OS that is lacking in tools to do any sort of remote debugging.
CodePudding user response:
The cause of the problem was a catalina option added to the tomcat.service
file. The particular option was:
org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true
This was added along with several other options (RECYCLE_FACADES
, ALLOW_BACKSPLASH
, etc.) as a means to secure the server in the new environment without consideration of the impact.
Here is the official Tomcat 8 configuration documentation about this setting:
The default value of this system property is false.
If this is true the default values will be changed for:
- org.apache.catalina.core. ApplicationContext.GET_RESOURCE_REQUIRE_SLASH
- org.apache.catalina.core. ApplicationDispatcher.WRAP_SAME_OBJECT
- org.apache.catalina.core. StandardHostValve.ACCESS_SESSION
- org.apache.catalina.session. StandardSession.ACTIVITY_CHECK
- org.apache.catalina.session. StandardSession.LAST_ACCESS_AT_START
- org.apache.tomcat.util.http. ServerCookie.STRICT_NAMING
- The URIEncoding attribute of any HTTP connector or AJP connector element.
- The resourceOnlyServlets attribute of any Context element. The tldValidation attribute of any Context element.
- The useRelativeRedirects attribute of any Context element.
- The xmlNamespaceAware attribute of any Context element.
- The xmlValidation attribute of any Context element.
We reverted that option only and our servlet paths were no longer changed between Tomcat and the application.