-
Bug
-
Resolution: Duplicate
-
P3
-
None
-
8u151
-
x86_64
-
windows_7
FULL PRODUCT VERSION :
1.8.0_151
ADDITIONAL OS VERSION INFORMATION :
It does not matter. The problem shows on every Windows version from XP to 7 to 10.
A DESCRIPTION OF THE PROBLEM :
We have a web application that starts a Java application by Java Web Start. Our application server is behind a load balancer that adds a Load Balancer Session Stickyness cookie to each request. However, the client never sends back that cookie, so the load balancer is unable to route the new requests correctly. Note, that this is not a problem of the application that is called, but of JWS itself, as the request to load the Java app from the server is already missing the stickyness cookie. Here is an example from a *client* net trace:
----------------------
Client => Server
GET /someuri/publicapi/appname/302465FB61294AC6BDB38817A03AE823 HTTP/1.1
accept-encoding: gzip
User-Agent: JNLP/1.7.0 javaws/11.151.2.12 (<internal>) Java/1.8.0_151
UA-Java-Version: 1.8.0_151
Cache-Control: no-cache
Pragma: no-cache
Host: our.application.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Cookie: LoginCookie=AnUser%7c123%7cde-DE
----------------
Server => Client
HTTP/1.1 200 OK
Date: Mon, 11 Dec 2017 12:16:24 GMT
Server: Microsoft-IIS/8.5
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 1596
Content-Type: application/x-java-jnlp-file
Expires: -1
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Set-Cookie: ASP.NET_SessionId=vepnxqr9sym2lyzuhrgu3mk9; path=/; HttpOnly
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Set-Cookie: LVpersistence=kq21422o00000000000000000000ffff0dc11affo443; path=/; Httponly
<?xml version="1.0" encoding="UTF-8"?><jnlp spec="1.0+" codebase="https://our.application.com/someuri/Components/AppName" href="https://our.application.com/someuri/publicapi/appname/302465FB61294AC6BDB38817A03AE823"><information><title>AppName</title><vendor>Some Vendor, Inc.</vendor></information><security><all-permissions /></security><resources><j2se version="1.8+" /><jar href="AppName.jar" /><jar href="AppNameExt.jar" /></resources><application-desc main-class="somevendor.AppName.webstart.AppNameWebStart"><argument>-DocumentURL</argument><argument>https://our.application.com/someuri/publicapi/appname/302465FB61294AC6BDB38817A03AE823/Sign</argument><argument>-SignatureFormatType</argument><argument>3</argument><argument>-PostSignedData</argument><argument>on</argument><argument>-PostURL</argument><argument>https://our.application.com/someuri/publicapi/appname/302465FB61294AC6BDB38817A03AE823/PostURL/</argument><argument>-FinishURL</argument><argument>https://our.application.com/someuri/publicapi/appname/302465FB61294AC6BDB38817A03AE823/FinishURL/</argument><argument>-CancelURL</argument><argument>https://our.application.com/someuri/publicapi/appname/302465FB61294AC6BDB38817A03AE823/CancelURL/</argument><argument>-ErrorURL</argument><argument>https://our.application.com/someuri/publicapi/appname/302465FB61294AC6BDB38817A03AE823/ErrorURL/</argument><argument>-ShowUrlsInBrowser</argument><argument>off</argument></application-desc></jnlp>
----------------
Client => Server
GET /someuri/Components/AppName/AppName.jar HTTP/1.1
content-type: application/x-java-archive
accept-encoding: pack200-gzip,gzip
User-Agent: JNLP/1.7.0 javaws/11.151.2.12 (<internal>) Java/1.8.0_151
UA-Java-Version: 1.8.0_151
Cache-Control: no-cache
Pragma: no-cache
Host: our.application.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
If-Modified-Since: Fri, 20 Oct 2017 15:48:25 GMT
Cookie: LoginCookie=AnUser%7c123%7cde-DE; ASP.NET_SessionId=vepnxqr9sym2lyzuhrgu3mk9
As one can see the cookie "LVpersistence" is *not* sent back from the client to the server. This behaviour started as soon as we deployed JRE 1.8.0_151. We did not see that happen before.
REGRESSION. Last worked in version 8u141
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Create some Java app to be loaded from the server
2. Access the server through a load balancer
3. Configure the load balancer to add a session stickyness cookie to each response
4. Start the Java App on the client from a web page wie Java Web Start
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
JWS should send back the session stickyness cookie to the load balancer when requesting the jar file of the application to be run on the client and for every request following the first.
ACTUAL -
JWS does not send back the session stickyness cookie.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
No error messages, no crashes.
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
There is no source code. Just use any JWS app.
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
No workaround.
1.8.0_151
ADDITIONAL OS VERSION INFORMATION :
It does not matter. The problem shows on every Windows version from XP to 7 to 10.
A DESCRIPTION OF THE PROBLEM :
We have a web application that starts a Java application by Java Web Start. Our application server is behind a load balancer that adds a Load Balancer Session Stickyness cookie to each request. However, the client never sends back that cookie, so the load balancer is unable to route the new requests correctly. Note, that this is not a problem of the application that is called, but of JWS itself, as the request to load the Java app from the server is already missing the stickyness cookie. Here is an example from a *client* net trace:
----------------------
Client => Server
GET /someuri/publicapi/appname/302465FB61294AC6BDB38817A03AE823 HTTP/1.1
accept-encoding: gzip
User-Agent: JNLP/1.7.0 javaws/11.151.2.12 (<internal>) Java/1.8.0_151
UA-Java-Version: 1.8.0_151
Cache-Control: no-cache
Pragma: no-cache
Host: our.application.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Cookie: LoginCookie=AnUser%7c123%7cde-DE
----------------
Server => Client
HTTP/1.1 200 OK
Date: Mon, 11 Dec 2017 12:16:24 GMT
Server: Microsoft-IIS/8.5
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 1596
Content-Type: application/x-java-jnlp-file
Expires: -1
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Set-Cookie: ASP.NET_SessionId=vepnxqr9sym2lyzuhrgu3mk9; path=/; HttpOnly
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Set-Cookie: LVpersistence=kq21422o00000000000000000000ffff0dc11affo443; path=/; Httponly
<?xml version="1.0" encoding="UTF-8"?><jnlp spec="1.0+" codebase="https://our.application.com/someuri/Components/AppName" href="https://our.application.com/someuri/publicapi/appname/302465FB61294AC6BDB38817A03AE823"><information><title>AppName</title><vendor>Some Vendor, Inc.</vendor></information><security><all-permissions /></security><resources><j2se version="1.8+" /><jar href="AppName.jar" /><jar href="AppNameExt.jar" /></resources><application-desc main-class="somevendor.AppName.webstart.AppNameWebStart"><argument>-DocumentURL</argument><argument>https://our.application.com/someuri/publicapi/appname/302465FB61294AC6BDB38817A03AE823/Sign</argument><argument>-SignatureFormatType</argument><argument>3</argument><argument>-PostSignedData</argument><argument>on</argument><argument>-PostURL</argument><argument>https://our.application.com/someuri/publicapi/appname/302465FB61294AC6BDB38817A03AE823/PostURL/</argument><argument>-FinishURL</argument><argument>https://our.application.com/someuri/publicapi/appname/302465FB61294AC6BDB38817A03AE823/FinishURL/</argument><argument>-CancelURL</argument><argument>https://our.application.com/someuri/publicapi/appname/302465FB61294AC6BDB38817A03AE823/CancelURL/</argument><argument>-ErrorURL</argument><argument>https://our.application.com/someuri/publicapi/appname/302465FB61294AC6BDB38817A03AE823/ErrorURL/</argument><argument>-ShowUrlsInBrowser</argument><argument>off</argument></application-desc></jnlp>
----------------
Client => Server
GET /someuri/Components/AppName/AppName.jar HTTP/1.1
content-type: application/x-java-archive
accept-encoding: pack200-gzip,gzip
User-Agent: JNLP/1.7.0 javaws/11.151.2.12 (<internal>) Java/1.8.0_151
UA-Java-Version: 1.8.0_151
Cache-Control: no-cache
Pragma: no-cache
Host: our.application.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
If-Modified-Since: Fri, 20 Oct 2017 15:48:25 GMT
Cookie: LoginCookie=AnUser%7c123%7cde-DE; ASP.NET_SessionId=vepnxqr9sym2lyzuhrgu3mk9
As one can see the cookie "LVpersistence" is *not* sent back from the client to the server. This behaviour started as soon as we deployed JRE 1.8.0_151. We did not see that happen before.
REGRESSION. Last worked in version 8u141
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Create some Java app to be loaded from the server
2. Access the server through a load balancer
3. Configure the load balancer to add a session stickyness cookie to each response
4. Start the Java App on the client from a web page wie Java Web Start
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
JWS should send back the session stickyness cookie to the load balancer when requesting the jar file of the application to be run on the client and for every request following the first.
ACTUAL -
JWS does not send back the session stickyness cookie.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
No error messages, no crashes.
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
There is no source code. Just use any JWS app.
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
No workaround.
- duplicates
-
-
- Resolved
-
- relates to
-
-
- Resolved
-