You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@oozie.apache.org by Andras Salamon <an...@melda.info> on 2019/02/07 12:40:20 UTC
Review Request 69916: OOZIE-3427 - Use best practices in HTTP response
headers
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69916/
-----------------------------------------------------------
Review request for oozie, Denes Bodo, Kinga Marton, and Mate Juhasz.
Repository: oozie-git
Description
-------
OOZIE-3427 - Use best practices in HTTP response headers
Diffs
-----
core/src/main/java/org/apache/oozie/servlet/HTTPResponseFilter.java PRE-CREATION
core/src/test/java/org/apache/oozie/servlet/TestHTTPResponseFilter.java PRE-CREATION
server/src/main/java/org/apache/oozie/server/FilterMapper.java 3dc9be815
webapp/src/main/webapp/WEB-INF/web.xml 2edbdf153
Diff: https://reviews.apache.org/r/69916/diff/1/
Testing
-------
Tested embedded jetty and war installed to a local tomcat. Local tomcat was hardly working, but at least I was able to test /versions.
$ wget -qS http://localhost:11000/oozie/index.jsp
HTTP/1.1 200 OK
Date: Thu, 07 Feb 2019 09:44:32 GMT
X-Frame-Options: DENY
Content-Type: text/html;charset=utf-8
Set-Cookie: JSESSIONID=1lx0y9fy2pd6n1rh911vc2l1sd;Path=/oozie
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 3739
Thanks,
Andras Salamon
Re: Review Request 69916: OOZIE-3427 - Use best practices in HTTP
response headers
Posted by Andras Salamon <an...@melda.info>.
> On Feb. 7, 2019, 12:58 p.m., Zsombor Gegesy wrote:
> > core/src/main/java/org/apache/oozie/servlet/HTTPResponseFilter.java
> > Lines 36 (patched)
> > <https://reviews.apache.org/r/69916/diff/1/?file=2124183#file2124183line36>
> >
> > Having this generic name is a bit misleading, in my opinion. FrameOptionFilter would be better, or, you can name it as HTTPResponseHeaderFilter, and make it configurable.
We plan to add more filters later, so I'd use a more generic name. Configurable in oozie-site.xml? That would make easier to add new response headers, but it would also allow the users to turn off our safety headers.
- Andras
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69916/#review212625
-----------------------------------------------------------
On Feb. 7, 2019, 12:40 p.m., Andras Salamon wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69916/
> -----------------------------------------------------------
>
> (Updated Feb. 7, 2019, 12:40 p.m.)
>
>
> Review request for oozie, Denes Bodo, Kinga Marton, and Mate Juhasz.
>
>
> Repository: oozie-git
>
>
> Description
> -------
>
> OOZIE-3427 - Use best practices in HTTP response headers
>
>
> Diffs
> -----
>
> core/src/main/java/org/apache/oozie/servlet/HTTPResponseFilter.java PRE-CREATION
> core/src/test/java/org/apache/oozie/servlet/TestHTTPResponseFilter.java PRE-CREATION
> server/src/main/java/org/apache/oozie/server/FilterMapper.java 3dc9be815
> webapp/src/main/webapp/WEB-INF/web.xml 2edbdf153
>
>
> Diff: https://reviews.apache.org/r/69916/diff/1/
>
>
> Testing
> -------
>
> Tested embedded jetty and war installed to a local tomcat. Local tomcat was hardly working, but at least I was able to test /versions.
>
> $ wget -qS http://localhost:11000/oozie/index.jsp
> HTTP/1.1 200 OK
> Date: Thu, 07 Feb 2019 09:44:32 GMT
> X-Frame-Options: DENY
> Content-Type: text/html;charset=utf-8
> Set-Cookie: JSESSIONID=1lx0y9fy2pd6n1rh911vc2l1sd;Path=/oozie
> Expires: Thu, 01 Jan 1970 00:00:00 GMT
> Content-Length: 3739
>
>
> Thanks,
>
> Andras Salamon
>
>
Re: Review Request 69916: OOZIE-3427 - Use best practices in HTTP
response headers
Posted by Zsombor Gegesy <zs...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69916/#review212625
-----------------------------------------------------------
core/src/main/java/org/apache/oozie/servlet/HTTPResponseFilter.java
Lines 36 (patched)
<https://reviews.apache.org/r/69916/#comment298445>
Having this generic name is a bit misleading, in my opinion. FrameOptionFilter would be better, or, you can name it as HTTPResponseHeaderFilter, and make it configurable.
- Zsombor Gegesy
On Feb. 7, 2019, 12:40 p.m., Andras Salamon wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69916/
> -----------------------------------------------------------
>
> (Updated Feb. 7, 2019, 12:40 p.m.)
>
>
> Review request for oozie, Denes Bodo, Kinga Marton, and Mate Juhasz.
>
>
> Repository: oozie-git
>
>
> Description
> -------
>
> OOZIE-3427 - Use best practices in HTTP response headers
>
>
> Diffs
> -----
>
> core/src/main/java/org/apache/oozie/servlet/HTTPResponseFilter.java PRE-CREATION
> core/src/test/java/org/apache/oozie/servlet/TestHTTPResponseFilter.java PRE-CREATION
> server/src/main/java/org/apache/oozie/server/FilterMapper.java 3dc9be815
> webapp/src/main/webapp/WEB-INF/web.xml 2edbdf153
>
>
> Diff: https://reviews.apache.org/r/69916/diff/1/
>
>
> Testing
> -------
>
> Tested embedded jetty and war installed to a local tomcat. Local tomcat was hardly working, but at least I was able to test /versions.
>
> $ wget -qS http://localhost:11000/oozie/index.jsp
> HTTP/1.1 200 OK
> Date: Thu, 07 Feb 2019 09:44:32 GMT
> X-Frame-Options: DENY
> Content-Type: text/html;charset=utf-8
> Set-Cookie: JSESSIONID=1lx0y9fy2pd6n1rh911vc2l1sd;Path=/oozie
> Expires: Thu, 01 Jan 1970 00:00:00 GMT
> Content-Length: 3739
>
>
> Thanks,
>
> Andras Salamon
>
>
Re: Review Request 69916: OOZIE-3427 - Use best practices in HTTP
response headers
Posted by Zsombor Gegesy <zs...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69916/#review212638
-----------------------------------------------------------
Ship it!
Ship It!
- Zsombor Gegesy
On Feb. 7, 2019, 3:48 p.m., Andras Salamon wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69916/
> -----------------------------------------------------------
>
> (Updated Feb. 7, 2019, 3:48 p.m.)
>
>
> Review request for oozie, Denes Bodo, Kinga Marton, and Mate Juhasz.
>
>
> Repository: oozie-git
>
>
> Description
> -------
>
> OOZIE-3427 - Use best practices in HTTP response headers
>
>
> Diffs
> -----
>
> core/src/main/java/org/apache/oozie/servlet/HttpResponseHeaderFilter.java PRE-CREATION
> core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java ce731a16b
> core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java bc469e260
> core/src/test/java/org/apache/oozie/servlet/TestBulkMonitorWebServiceAPI.java b4054b05f
> core/src/test/java/org/apache/oozie/servlet/TestHttpResponseHeaderFilter.java PRE-CREATION
> server/src/main/java/org/apache/oozie/server/FilterMapper.java 3dc9be815
> server/src/test/java/org/apache/oozie/server/TestEmbeddedOozieServer.java 58543e6fd
> webapp/src/main/webapp/WEB-INF/web.xml 2edbdf153
>
>
> Diff: https://reviews.apache.org/r/69916/diff/2/
>
>
> Testing
> -------
>
> Tested embedded jetty and war installed to a local tomcat. Local tomcat was hardly working, but at least I was able to test /versions.
>
> $ wget -qS http://localhost:11000/oozie/index.jsp
> HTTP/1.1 200 OK
> Date: Thu, 07 Feb 2019 09:44:32 GMT
> X-Frame-Options: DENY
> Content-Type: text/html;charset=utf-8
> Set-Cookie: JSESSIONID=1lx0y9fy2pd6n1rh911vc2l1sd;Path=/oozie
> Expires: Thu, 01 Jan 1970 00:00:00 GMT
> Content-Length: 3739
>
>
> Thanks,
>
> Andras Salamon
>
>
Re: Review Request 69916: OOZIE-3427 - Use best practices in HTTP
response headers
Posted by András Piros via Review Board <no...@reviews.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69916/#review212639
-----------------------------------------------------------
Ship it!
Ship It!
- András Piros
On Feb. 7, 2019, 3:48 p.m., Andras Salamon wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69916/
> -----------------------------------------------------------
>
> (Updated Feb. 7, 2019, 3:48 p.m.)
>
>
> Review request for oozie, Denes Bodo, Kinga Marton, and Mate Juhasz.
>
>
> Repository: oozie-git
>
>
> Description
> -------
>
> OOZIE-3427 - Use best practices in HTTP response headers
>
>
> Diffs
> -----
>
> core/src/main/java/org/apache/oozie/servlet/HttpResponseHeaderFilter.java PRE-CREATION
> core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java ce731a16b
> core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java bc469e260
> core/src/test/java/org/apache/oozie/servlet/TestBulkMonitorWebServiceAPI.java b4054b05f
> core/src/test/java/org/apache/oozie/servlet/TestHttpResponseHeaderFilter.java PRE-CREATION
> server/src/main/java/org/apache/oozie/server/FilterMapper.java 3dc9be815
> server/src/test/java/org/apache/oozie/server/TestEmbeddedOozieServer.java 58543e6fd
> webapp/src/main/webapp/WEB-INF/web.xml 2edbdf153
>
>
> Diff: https://reviews.apache.org/r/69916/diff/2/
>
>
> Testing
> -------
>
> Tested embedded jetty and war installed to a local tomcat. Local tomcat was hardly working, but at least I was able to test /versions.
>
> $ wget -qS http://localhost:11000/oozie/index.jsp
> HTTP/1.1 200 OK
> Date: Thu, 07 Feb 2019 09:44:32 GMT
> X-Frame-Options: DENY
> Content-Type: text/html;charset=utf-8
> Set-Cookie: JSESSIONID=1lx0y9fy2pd6n1rh911vc2l1sd;Path=/oozie
> Expires: Thu, 01 Jan 1970 00:00:00 GMT
> Content-Length: 3739
>
>
> Thanks,
>
> Andras Salamon
>
>
Re: Review Request 69916: OOZIE-3427 - Use best practices in HTTP
response headers
Posted by András Piros via Review Board <no...@reviews.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69916/#review212636
-----------------------------------------------------------
Changes look good to me. Waiting on Zsombor Gegesy's last review comment to clean up.
- András Piros
On Feb. 7, 2019, 3:48 p.m., Andras Salamon wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69916/
> -----------------------------------------------------------
>
> (Updated Feb. 7, 2019, 3:48 p.m.)
>
>
> Review request for oozie, Denes Bodo, Kinga Marton, and Mate Juhasz.
>
>
> Repository: oozie-git
>
>
> Description
> -------
>
> OOZIE-3427 - Use best practices in HTTP response headers
>
>
> Diffs
> -----
>
> core/src/main/java/org/apache/oozie/servlet/HttpResponseHeaderFilter.java PRE-CREATION
> core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java ce731a16b
> core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java bc469e260
> core/src/test/java/org/apache/oozie/servlet/TestBulkMonitorWebServiceAPI.java b4054b05f
> core/src/test/java/org/apache/oozie/servlet/TestHttpResponseHeaderFilter.java PRE-CREATION
> server/src/main/java/org/apache/oozie/server/FilterMapper.java 3dc9be815
> server/src/test/java/org/apache/oozie/server/TestEmbeddedOozieServer.java 58543e6fd
> webapp/src/main/webapp/WEB-INF/web.xml 2edbdf153
>
>
> Diff: https://reviews.apache.org/r/69916/diff/2/
>
>
> Testing
> -------
>
> Tested embedded jetty and war installed to a local tomcat. Local tomcat was hardly working, but at least I was able to test /versions.
>
> $ wget -qS http://localhost:11000/oozie/index.jsp
> HTTP/1.1 200 OK
> Date: Thu, 07 Feb 2019 09:44:32 GMT
> X-Frame-Options: DENY
> Content-Type: text/html;charset=utf-8
> Set-Cookie: JSESSIONID=1lx0y9fy2pd6n1rh911vc2l1sd;Path=/oozie
> Expires: Thu, 01 Jan 1970 00:00:00 GMT
> Content-Length: 3739
>
>
> Thanks,
>
> Andras Salamon
>
>
Re: Review Request 69916: OOZIE-3427 - Use best practices in HTTP
response headers
Posted by Andras Salamon <an...@melda.info>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69916/
-----------------------------------------------------------
(Updated Feb. 7, 2019, 3:48 p.m.)
Review request for oozie, Denes Bodo, Kinga Marton, and Mate Juhasz.
Changes
-------
Addressing reviewer comments.
Repository: oozie-git
Description
-------
OOZIE-3427 - Use best practices in HTTP response headers
Diffs (updated)
-----
core/src/main/java/org/apache/oozie/servlet/HttpResponseHeaderFilter.java PRE-CREATION
core/src/test/java/org/apache/oozie/servlet/DagServletTestCase.java ce731a16b
core/src/test/java/org/apache/oozie/servlet/TestAuthFilterAuthOozieClient.java bc469e260
core/src/test/java/org/apache/oozie/servlet/TestBulkMonitorWebServiceAPI.java b4054b05f
core/src/test/java/org/apache/oozie/servlet/TestHttpResponseHeaderFilter.java PRE-CREATION
server/src/main/java/org/apache/oozie/server/FilterMapper.java 3dc9be815
server/src/test/java/org/apache/oozie/server/TestEmbeddedOozieServer.java 58543e6fd
webapp/src/main/webapp/WEB-INF/web.xml 2edbdf153
Diff: https://reviews.apache.org/r/69916/diff/2/
Changes: https://reviews.apache.org/r/69916/diff/1-2/
Testing
-------
Tested embedded jetty and war installed to a local tomcat. Local tomcat was hardly working, but at least I was able to test /versions.
$ wget -qS http://localhost:11000/oozie/index.jsp
HTTP/1.1 200 OK
Date: Thu, 07 Feb 2019 09:44:32 GMT
X-Frame-Options: DENY
Content-Type: text/html;charset=utf-8
Set-Cookie: JSESSIONID=1lx0y9fy2pd6n1rh911vc2l1sd;Path=/oozie
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 3739
Thanks,
Andras Salamon
Re: Review Request 69916: OOZIE-3427 - Use best practices in HTTP
response headers
Posted by Andras Salamon <an...@melda.info>.
> On Feb. 7, 2019, 1:06 p.m., András Piros wrote:
> > core/src/test/java/org/apache/oozie/servlet/TestHTTPResponseFilter.java
> > Lines 36 (patched)
> > <https://reviews.apache.org/r/69916/diff/1/?file=2124184#file2124184line36>
> >
> > While this only test case is OK with me, can you please add more to this:
> >
> > * clickjacking attempt should result unsuccessful
> > * normal HTTP servlet, e.g. `VersionServlet`, gives also this HTTP response header
The servlet classes do not deal with the response headers, so I cannot add testing there (I tried to add it to TestVersionServlet).
We have several test containers where we add the filter mappings (e.g. TestAuthFilterAuthOozieClient). I've added this new filter to the filter mappings, so it will test if it ruins the other filters or not. Creating a new test looks quite useless if I need to add this mapping in the test code, my test code would check the test code, not the real one.
I've modified TestEmbeddedOozieServer and test if the oozieFilterMapper.addFilters method is called which shoes that we really add the filters.
- Andras
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69916/#review212626
-----------------------------------------------------------
On Feb. 7, 2019, 12:40 p.m., Andras Salamon wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69916/
> -----------------------------------------------------------
>
> (Updated Feb. 7, 2019, 12:40 p.m.)
>
>
> Review request for oozie, Denes Bodo, Kinga Marton, and Mate Juhasz.
>
>
> Repository: oozie-git
>
>
> Description
> -------
>
> OOZIE-3427 - Use best practices in HTTP response headers
>
>
> Diffs
> -----
>
> core/src/main/java/org/apache/oozie/servlet/HTTPResponseFilter.java PRE-CREATION
> core/src/test/java/org/apache/oozie/servlet/TestHTTPResponseFilter.java PRE-CREATION
> server/src/main/java/org/apache/oozie/server/FilterMapper.java 3dc9be815
> webapp/src/main/webapp/WEB-INF/web.xml 2edbdf153
>
>
> Diff: https://reviews.apache.org/r/69916/diff/1/
>
>
> Testing
> -------
>
> Tested embedded jetty and war installed to a local tomcat. Local tomcat was hardly working, but at least I was able to test /versions.
>
> $ wget -qS http://localhost:11000/oozie/index.jsp
> HTTP/1.1 200 OK
> Date: Thu, 07 Feb 2019 09:44:32 GMT
> X-Frame-Options: DENY
> Content-Type: text/html;charset=utf-8
> Set-Cookie: JSESSIONID=1lx0y9fy2pd6n1rh911vc2l1sd;Path=/oozie
> Expires: Thu, 01 Jan 1970 00:00:00 GMT
> Content-Length: 3739
>
>
> Thanks,
>
> Andras Salamon
>
>
Re: Review Request 69916: OOZIE-3427 - Use best practices in HTTP
response headers
Posted by Andras Salamon <an...@melda.info>.
> On Feb. 7, 2019, 1:06 p.m., András Piros wrote:
> > core/src/test/java/org/apache/oozie/servlet/TestHTTPResponseFilter.java
> > Lines 44 (patched)
> > <https://reviews.apache.org/r/69916/diff/1/?file=2124184#file2124184line44>
> >
> > Why do we need `AtomicBoolean` here?
We want to modify the value from an inner class so we need final (or effective final) here. I copied the trick from TestHostnameFilter.
- Andras
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69916/#review212626
-----------------------------------------------------------
On Feb. 7, 2019, 12:40 p.m., Andras Salamon wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69916/
> -----------------------------------------------------------
>
> (Updated Feb. 7, 2019, 12:40 p.m.)
>
>
> Review request for oozie, Denes Bodo, Kinga Marton, and Mate Juhasz.
>
>
> Repository: oozie-git
>
>
> Description
> -------
>
> OOZIE-3427 - Use best practices in HTTP response headers
>
>
> Diffs
> -----
>
> core/src/main/java/org/apache/oozie/servlet/HTTPResponseFilter.java PRE-CREATION
> core/src/test/java/org/apache/oozie/servlet/TestHTTPResponseFilter.java PRE-CREATION
> server/src/main/java/org/apache/oozie/server/FilterMapper.java 3dc9be815
> webapp/src/main/webapp/WEB-INF/web.xml 2edbdf153
>
>
> Diff: https://reviews.apache.org/r/69916/diff/1/
>
>
> Testing
> -------
>
> Tested embedded jetty and war installed to a local tomcat. Local tomcat was hardly working, but at least I was able to test /versions.
>
> $ wget -qS http://localhost:11000/oozie/index.jsp
> HTTP/1.1 200 OK
> Date: Thu, 07 Feb 2019 09:44:32 GMT
> X-Frame-Options: DENY
> Content-Type: text/html;charset=utf-8
> Set-Cookie: JSESSIONID=1lx0y9fy2pd6n1rh911vc2l1sd;Path=/oozie
> Expires: Thu, 01 Jan 1970 00:00:00 GMT
> Content-Length: 3739
>
>
> Thanks,
>
> Andras Salamon
>
>
Re: Review Request 69916: OOZIE-3427 - Use best practices in HTTP
response headers
Posted by András Piros via Review Board <no...@reviews.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69916/#review212626
-----------------------------------------------------------
core/src/main/java/org/apache/oozie/servlet/HTTPResponseFilter.java
Lines 36 (patched)
<https://reviews.apache.org/r/69916/#comment298447>
Please give this a more descriptive and specific name like `HttpResponseHeadersFilter`.
core/src/main/java/org/apache/oozie/servlet/HTTPResponseFilter.java
Lines 69-70 (patched)
<https://reviews.apache.org/r/69916/#comment298448>
Shouldn't we first call `chain.doFilter()`, and then add the response header(s) to possibly avoid setting them to `null` in a later call down the filter chain?
core/src/test/java/org/apache/oozie/servlet/TestHTTPResponseFilter.java
Lines 36 (patched)
<https://reviews.apache.org/r/69916/#comment298450>
While this only test case is OK with me, can you please add more to this:
* clickjacking attempt should result unsuccessful
* normal HTTP servlet, e.g. `VersionServlet`, gives also this HTTP response header
core/src/test/java/org/apache/oozie/servlet/TestHTTPResponseFilter.java
Lines 39 (patched)
<https://reviews.apache.org/r/69916/#comment298449>
Please rename to `testXFrameOptionAgainstClickjackingAdded()`.
core/src/test/java/org/apache/oozie/servlet/TestHTTPResponseFilter.java
Lines 44 (patched)
<https://reviews.apache.org/r/69916/#comment298446>
Why do we need `AtomicBoolean` here?
- András Piros
On Feb. 7, 2019, 12:40 p.m., Andras Salamon wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69916/
> -----------------------------------------------------------
>
> (Updated Feb. 7, 2019, 12:40 p.m.)
>
>
> Review request for oozie, Denes Bodo, Kinga Marton, and Mate Juhasz.
>
>
> Repository: oozie-git
>
>
> Description
> -------
>
> OOZIE-3427 - Use best practices in HTTP response headers
>
>
> Diffs
> -----
>
> core/src/main/java/org/apache/oozie/servlet/HTTPResponseFilter.java PRE-CREATION
> core/src/test/java/org/apache/oozie/servlet/TestHTTPResponseFilter.java PRE-CREATION
> server/src/main/java/org/apache/oozie/server/FilterMapper.java 3dc9be815
> webapp/src/main/webapp/WEB-INF/web.xml 2edbdf153
>
>
> Diff: https://reviews.apache.org/r/69916/diff/1/
>
>
> Testing
> -------
>
> Tested embedded jetty and war installed to a local tomcat. Local tomcat was hardly working, but at least I was able to test /versions.
>
> $ wget -qS http://localhost:11000/oozie/index.jsp
> HTTP/1.1 200 OK
> Date: Thu, 07 Feb 2019 09:44:32 GMT
> X-Frame-Options: DENY
> Content-Type: text/html;charset=utf-8
> Set-Cookie: JSESSIONID=1lx0y9fy2pd6n1rh911vc2l1sd;Path=/oozie
> Expires: Thu, 01 Jan 1970 00:00:00 GMT
> Content-Length: 3739
>
>
> Thanks,
>
> Andras Salamon
>
>