[jira] [Commented] (QPID-8176) [Broker-J][WMC] Infinite redirect loop in Web Management Console restart operation when OAuth2 authentication provider is configured on http port

Tue, 01 May 2018 07:36:28 -0700 

    [ 
https://issues.apache.org/jira/browse/QPID-8176?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16459722#comment-16459722
 ] 

Keith Wall commented on QPID-8176:
----------------------------------

It seems fragile that the web management console needs to know the URL of a 
resource that won't be caught by filtered by the 
{{InteractiveAuthenticationFilter}}.  There doesn't seem to be a away to get 
XMLHttpRequest to 'ping' the server to establish its liveness of the server.  
It will always follow the redirects, regardless of the request method.   
Introducing a special url would seem like overkill.  Accepting change as 
reasonable.

> [Broker-J][WMC] Infinite redirect loop in Web Management Console restart 
> operation when OAuth2 authentication provider is configured on http port
> -------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-8176
>                 URL: https://issues.apache.org/jira/browse/QPID-8176
>             Project: Qpid
>          Issue Type: Bug
>    Affects Versions: qpid-java-broker-7.0.3, qpid-java-broker-7.0.2, 
> qpid-java-broker-7.0.0, qpid-java-broker-7.0.1
>            Reporter: Alex Rudyy
>            Assignee: Keith Wall
>            Priority: Major
>             Fix For: qpid-java-broker-7.0.4
>
>
> An implementation of restart operation after invoking of restart method via 
> broker REST API sends periodically requests to "/" in order to check whether 
> broker can respond which would be an indication of finishing the restart.
> When OAuth2-based authentication provider is configured, it tries to 
> authenticate the request and sends the redirects to authorization and token 
> endpoints. Browsers always follow redirects for XHRs or fetch requests, but 
> the redirects can end-up in failure due to issues with origin.  As WMC 
> request to "/" failed,  it is repeated again but none of the attempts can be 
> finished successfully. Thus, the loop became indefinite.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to