You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Justin Bertram (Jira)" <ji...@apache.org> on 2020/11/11 16:42:00 UTC

[jira] [Commented] (ARTEMIS-2979) Web Console cannot be used with security enabled on OpenLiberty

    [ https://issues.apache.org/jira/browse/ARTEMIS-2979?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17230081#comment-17230081 ] 

Justin Bertram commented on ARTEMIS-2979:
-----------------------------------------

As the name suggests, the class {{io.hawt.web.auth.LoginRedirectFilter}} is part of the [Hawtio code-base|https://github.com/hawtio/hawtio/blob/master/hawtio-system/src/main/java/io/hawt/web/auth/LoginRedirectFilter.java]. It's not part of ActiveMQ. I recommend you [report the issue to Hawtio|https://github.com/hawtio/hawtio/issues].

> Web Console cannot be used with security enabled on OpenLiberty
> ---------------------------------------------------------------
>
>                 Key: ARTEMIS-2979
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-2979
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: Web Console
>    Affects Versions: 2.16.0
>            Reporter: Apache Dev
>            Priority: Blocker
>
> Accessing the web console when unauthenticated, redirects to Login page.
>  However, resources accessed by login page itself are also redirected to login page, resulting in an blank page.
> Issue depends on Hawtio class: {{io.hawt.web.auth.LoginRedirectFilter}}
> When the resource {{[http://localhost:8161/console/js/lib-a2ca3f5f1e.js]}} is retrieved, the following statement in {{LoginRedirectFilter#doFilter}} returns an empty string:
> {code:java}
> String path = httpRequest.getServletPath();{code}
> Such empty string does not match the unsecured paths, and the request is redirected to login page.
> Same behaviour with other ".js" and ".css" resources.
> A more portable way to get such path in filters is the following:
> {code:java}
> String path = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length());{code}
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)