Robert Kanter created OOZIE-1414:
------------------------------------
Summary: Configuring Oozie for HTTPS still allows HTTP connections
to all resources
Key: OOZIE-1414
URL: https://issues.apache.org/jira/browse/OOZIE-1414
Project: Oozie
Issue Type: Bug
Components: security
Reporter: Robert Kanter
Assignee: Robert Kanter
Priority: Blocker
Fix For: trunk, 4.0.0
When you run {{oozie-setup.sh prepare-war -secure}} it is supposed to replace
server.xml with ssl-server.xml (in the oozie-server/conf/ dir) and web.xml with
ssl-web.xml (in the WAR file).
OOZIE-670 changed oozie-setup.sh to prepare the war file without calling
addtowar.sh. However, the code added by OOZIE-1233 and OOZIE-1268 still
delegates replacing web.xml with ssl-web.xml to addtowar.sh, which
oozie-setup.sh no longer calls.
Therefore, when you try to configure Oozie for HTTPS, it will use the original
web.xml file; which means that {color:red}all resources are accessible from
both HTTPS and *HTTP*.{color}
This isn't an issue in Oozie 3.3.2 because it didn't include OOZIE-670, so
addtowar.sh was still called.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
