Currently, when some hawtio servlet is invoked, we have stack traces similar to (running on SpringBoot):
"XNIO-2 task-5@9475" prio=5 tid=0x53 nid=NA runnable
java.lang.Thread.State: RUNNABLE
at io.hawt.web.auth.LoginServlet.doPost(LoginServlet.java:62)
at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:547)
at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:614)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at io.hawt.web.auth.LoginRedirectFilter.doFilter(LoginRedirectFilter.java:70)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:56)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:56)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:56)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:56)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:56)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:56)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:56)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:56)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.hawt.web.filters.HttpHeaderFilter.doFilter(HttpHeaderFilter.java:56)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.hawt.web.auth.SessionExpiryFilter.process(SessionExpiryFilter.java:110)
at io.hawt.web.auth.SessionExpiryFilter.doFilter(SessionExpiryFilter.java:66)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:67)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:276)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:132)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:256)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:101)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:393)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:859)
at org.jboss.threads.ContextHandler$1.runWith(ContextHandler.java:18)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
at org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1282)
at java.lang.Thread.run(Thread.java:842)
That's 69 lines, 27 of which are for 9 filters whose only goal is to add response headers (mostly security related):
cache: Cache-Control + Pragma: no-cache
CORS: Access-Control-*
frames: X-Frame-Options
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Content-Security-Policy - very important
Strict-Transport-Security
Public-Key-Pins
Referrer-Policy
While all are very important, the stack trace doesn't show which one is which, and when Hawtio is integrated with other products (like Artemis), these stack traces make it more difficult to analyze problems.
What do you think about creating one filter which would delegate to more fine-grained components (easily and nicely done in Spring Boot) that deal with particular headers?
I think that the original idea was to make the filters easily composable and some of them easily added and ejected. So long as we can keep the modularity and separation of code for each header, it should be fine to make it a single filter for the http headers.
Note that they are all very important and also should be easily customisable.
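A sketch of the single-filter design discussed in this thread, added here as an example and not taken from the Hawtio code base: one registered `jakarta.servlet.Filter` delegates to per-header components, so each header keeps its own class while the stack trace shows a single filter entry. `HeaderContributor`, `CompositeHeaderFilter` and the three contributor classes are hypothetical names, and the header values are sample values.

```java
// Added illustration, not Hawtio code: HeaderContributor, CompositeHeaderFilter
// and the three contributors are hypothetical names; header values are samples.
import jakarta.servlet.*;
import jakarta.servlet.http.*;
import java.io.IOException;
import java.util.List;

/** One header concern per class, so each stays separately testable and removable. */
interface HeaderContributor {
    void apply(HttpServletRequest request, HttpServletResponse response);
}

final class ContentTypeOptions implements HeaderContributor {
    public void apply(HttpServletRequest request, HttpServletResponse response) {
        response.setHeader("X-Content-Type-Options", "nosniff");
    }
}

final class FrameOptions implements HeaderContributor {
    public void apply(HttpServletRequest request, HttpServletResponse response) {
        response.setHeader("X-Frame-Options", "SAMEORIGIN"); // sample value
    }
}

final class StrictTransportSecurity implements HeaderContributor {
    public void apply(HttpServletRequest request, HttpServletResponse response) {
        if (request.isSecure()) { // RFC 6797: HSTS must only be sent over HTTPS
            response.setHeader("Strict-Transport-Security", "max-age=31536000"); // sample value
        }
    }
}

/** The only class registered as a servlet filter: a single filter entry in stack traces. */
public final class CompositeHeaderFilter implements Filter {
    private final List<HeaderContributor> contributors;

    public CompositeHeaderFilter(List<HeaderContributor> contributors) {
        this.contributors = List.copyOf(contributors); // fixed order, immutable
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (request instanceof HttpServletRequest req && response instanceof HttpServletResponse res) {
            // Headers are set before the chain runs, i.e. before the response can be committed.
            contributors.forEach(c -> c.apply(req, res));
        }
        chain.doFilter(request, response);
    }
}
```

While a contributor is executing, its class name appears directly under `CompositeHeaderFilter.doFilter` in the stack, which identifies the header being handled.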