You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Apache Dev (Jira)" <ji...@apache.org> on 2020/11/10 11:13:00 UTC

[jira] [Updated] (ARTEMIS-2979) Web Console cannot be used with security enabled on OpenLiberty

     [ https://issues.apache.org/jira/browse/ARTEMIS-2979?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Apache Dev updated ARTEMIS-2979:
--------------------------------
    Description: 
Accessing the web console when unauthenticated, redirects to Login page.
 However, resources accessed by login page itself are also redirected to login page, resulting in an blank page.

Issue depends on Hawtio class: {{io.hawt.web.auth.LoginRedirectFilter}}

When the resource {{[http://localhost:8161/console/js/lib-a2ca3f5f1e.js]}} is retrieved, the following statement in {{LoginRedirectFilter#doFilter}} returns an empty string:
{code:java}
String path = httpRequest.getServletPath();{code}
Such empty string does not match the unsecured paths, and the request is redirected to login page.

Same behaviour with other ".js" and ".css" resources.

A more portable way to get such path in filters is the following:
{code:java}
String path = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length());{code}
 

  was:
Accessing the web console when unauthenticated, redirects to Login page.
However, resources accessed by login page itself are also redirected to login page, resulting in an blank page.

Issue depends on Hawtio class: {{io.hawt.web.auth.LoginRedirectFilter}}

For example, when the resource {{http://localhost:8161/console/js/lib-a2ca3f5f1e.js}} is retrieved, the following statement:
{code}String path = httpRequest.getServletPath();{code}
returns an empty string.
Such empty string does not match the unsecured paths, and the resource is redirected.

A more portable way to get such path in filters is the following:
{code}String path = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length());{code}


> Web Console cannot be used with security enabled on OpenLiberty
> ---------------------------------------------------------------
>
>                 Key: ARTEMIS-2979
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-2979
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: Web Console
>    Affects Versions: 2.16.0
>            Reporter: Apache Dev
>            Priority: Blocker
>
> Accessing the web console when unauthenticated, redirects to Login page.
>  However, resources accessed by login page itself are also redirected to login page, resulting in an blank page.
> Issue depends on Hawtio class: {{io.hawt.web.auth.LoginRedirectFilter}}
> When the resource {{[http://localhost:8161/console/js/lib-a2ca3f5f1e.js]}} is retrieved, the following statement in {{LoginRedirectFilter#doFilter}} returns an empty string:
> {code:java}
> String path = httpRequest.getServletPath();{code}
> Such empty string does not match the unsecured paths, and the request is redirected to login page.
> Same behaviour with other ".js" and ".css" resources.
> A more portable way to get such path in filters is the following:
> {code:java}
> String path = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length());{code}
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)