You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geronimo.apache.org by "Matt Hogstrom (JIRA)" <de...@geronimo.apache.org> on 2006/02/02 07:18:38 UTC

[jira] Closed: (GERONIMO-1489) Minor fixes/updates to jUDDI webapp and Tomcat config

     [ http://issues.apache.org/jira/browse/GERONIMO-1489?page=all ]
     
Matt Hogstrom closed GERONIMO-1489:
-----------------------------------

    Resolution: Fixed

Left the build information intact from patch2.  Other hunks applied.

Patches applied to branches/1.0

Sending        1.0/applications/uddi-server/src/webapp/WEB-INF/web.xml
Sending        1.0/applications/uddi-server/src/webapp/happyjuddi.jsp
Sending        1.0/configs/uddi-tomcat/src/plan/plan.xml
Transmitting file data ...
Committed revision 374278.

trunk

Sending        applications/uddi-server/src/webapp/WEB-INF/web.xml
Sending        applications/uddi-server/src/webapp/happyjuddi.jsp
Sending        configs/uddi-tomcat/src/plan/plan.xml
Transmitting file data ...
Committed revision 374281.

> Minor fixes/updates to jUDDI webapp and Tomcat config
> -----------------------------------------------------
>
>          Key: GERONIMO-1489
>          URL: http://issues.apache.org/jira/browse/GERONIMO-1489
>      Project: Geronimo
>         Type: Bug
>   Components: sample apps, security
>     Versions: 1.0
>  Environment: AG 1.0 on WinXP w/ Sun JDK 1.4.2_08
>     Reporter: Donald Woods
>     Assignee: Donald Woods
>     Priority: Minor
>      Fix For: 1.0.1, 1.1
>  Attachments: Geronimo-1489_part1.patch, Geronimo-1489_part2.patch, Geronimo-1489_part3.patch
>
> When user accesses the console displayed webapp location of jUDDI at -
>    http://localhost:8080/juddi
> Part 1 - they are presented with a directory listing with happyjuddi.jsp in it instead of the JSP automatically loading.
> Part 2 - when they click on the JSP, the page loads and shows system properties, which should not be displayed as any user has access to this JSP and some of the information could be used to try and hack into the system (like username and OS info)
> Part 3 - the uddi-tomcat configuration creates a uddi-jetty directory in the config store instead of the expected uddi-tomcat
> 3 separate patches will be attached for the above using the latest 1.0 branch code.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira