Page 2 of 2

Re: Error in DPM with authorize.net

Posted: Wed May 22, 2013 2:20 pm
by jonjon
For some reason, we have a redirect POST to GET (302 redirect) from relay response...in tomcat.

that might be the case where response from authorize.net got null value...
------------
66.185.185.5 - - [22/May/2013:19:12:50 +0000] "POST /main/checkout/process HTTP/1.1" 302 -
66.185.185.5 - - [22/May/2013:19:12:50 +0000] "GET /main/checkout/process HTTP/1.1" 404 952
------------

Re: Error in DPM with authorize.net

Posted: Wed May 22, 2013 2:28 pm
by jonjon
Note: RFC 1945 and RFC 2068 specify that the client is not allowed
to change the method on the redirected request. However, most
existing user agent implementations treat 302 as if it were a 303
response, performing a GET on the Location field-value regardless
of the original request method. The status codes 303 and 307 have
been added for servers that wish to make unambiguously clear which
kind of reaction is expected of the client.

Re: Error in DPM with authorize.net

Posted: Wed May 22, 2013 3:12 pm
by phillipuniverse
Hm, this is an interesting case you've got here. We have noticed this behavior before, but extremely infrequently and could not successfully determine the cause.

What you've presented seems like a valid reason as to why this is getting dropped on the floor, although if it redirects from POST to GET and then returns a 404, it seems like it would never make it to your application code at all.

What is your '/main/checkout/process' method in your controller annotated with? I believe the Authorize.net docs say that it sends a POST to your application, so it should be annotated with @RequestMapping(method=RequestMethod.POST).

Another thing I would check is your http vs https configuration. I know Authorize.net will error out if it tries to connect to an https URL that has an invalid certificate, which could happen if you are on some QA/dev server that doesn't have the right SSL certificates installed. The fix for this would be to configure spring security to use http for the process url on your QA/dev server, but then use https for production (where the certificates should be installed).

Keep us posted on additional information you find. Thanks!

Re: Error in DPM with authorize.net

Posted: Wed May 22, 2013 6:56 pm
by jonjon
Actually, If I use

@RequestMapping(value = "/process", method = RequestMethod.POST, produces = "text/html")

then, there is error which it could not find the GET method. If I change to

@RequestMapping(value = "/process", method = RequestMethod.POST, produces = "text/html")
or @RequestMapping(value = "/process", produces = "text/html")

then I got the response in the controller but the parameter array in request object is null (size = 0) and the request object itself is not null (I guess it might be round trip redirection in which payment gateway got redirected from POST to GET and no parameter value attached in the response, or got cut off because of length limit with GET method)

So, the redirection from POST to GET happened even before url mapping occur in spring framework. I did check to see if any rewrite rule..but I don't see any (No .htaccess file).

This might be an issue if this is the default behavior for some browsers...

Re: Error in DPM with authorize.net

Posted: Wed May 22, 2013 6:58 pm
by jonjon
correction:

@RequestMapping(value = "/process", method = RequestMethod.GET, produces = "text/html")
or @RequestMapping(value = "/process", produces = "text/html")

Re: Error in DPM with authorize.net

Posted: Wed May 22, 2013 6:59 pm
by jonjon
my server has public domain... valid certificate from goDaddy.

Re: Error in DPM with authorize.net

Posted: Wed May 22, 2013 7:15 pm
by jonjon
I try to work around this issue by using AIM

so, instead of posting to gateway, we will process the debit of credit card in controller, getting the result, create the object for request and pass it to

processAuthorizeNetAuthorizeAndDebit(request, response, model).

Does it work this way?

I am not familiar with all the flow/activities....stuff.