[
https://issues.apache.org/jira/browse/ARTEMIS-2979?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Apache Dev updated ARTEMIS-2979:
--------------------------------
Description:
Accessing the web console when unauthenticated, redirects to Login page.
However, resources accessed by login page itself are also redirected to login
page, resulting in an blank page.
Issue depends on Hawtio class: {{io.hawt.web.auth.LoginRedirectFilter}}
When the resource {{[http://localhost:8161/console/js/lib-a2ca3f5f1e.js]}} is
retrieved, the following statement in {{LoginRedirectFilter#doFilter}} returns
an empty string:
{code:java}
String path = httpRequest.getServletPath();{code}
Such empty string does not match the unsecured paths, and the request is
redirected to login page.
Same behaviour with other ".js" and ".css" resources.
A more portable way to get such path in filters is the following:
{code:java}
String path =
httpRequest.getRequestURI().substring(httpRequest.getContextPath().length());{code}
was:
Accessing the web console when unauthenticated, redirects to Login page.
However, resources accessed by login page itself are also redirected to login
page, resulting in an blank page.
Issue depends on Hawtio class: {{io.hawt.web.auth.LoginRedirectFilter}}
For example, when the resource
{{http://localhost:8161/console/js/lib-a2ca3f5f1e.js}} is retrieved, the
following statement:
{code}String path = httpRequest.getServletPath();{code}
returns an empty string.
Such empty string does not match the unsecured paths, and the resource is
redirected.
A more portable way to get such path in filters is the following:
{code}String path =
httpRequest.getRequestURI().substring(httpRequest.getContextPath().length());{code}
> Web Console cannot be used with security enabled on OpenLiberty
> ---------------------------------------------------------------
>
> Key: ARTEMIS-2979
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2979
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Components: Web Console
> Affects Versions: 2.16.0
> Reporter: Apache Dev
> Priority: Blocker
>
> Accessing the web console when unauthenticated, redirects to Login page.
> However, resources accessed by login page itself are also redirected to
> login page, resulting in an blank page.
> Issue depends on Hawtio class: {{io.hawt.web.auth.LoginRedirectFilter}}
> When the resource {{[http://localhost:8161/console/js/lib-a2ca3f5f1e.js]}} is
> retrieved, the following statement in {{LoginRedirectFilter#doFilter}}
> returns an empty string:
> {code:java}
> String path = httpRequest.getServletPath();{code}
> Such empty string does not match the unsecured paths, and the request is
> redirected to login page.
> Same behaviour with other ".js" and ".css" resources.
> A more portable way to get such path in filters is the following:
> {code:java}
> String path =
> httpRequest.getRequestURI().substring(httpRequest.getContextPath().length());{code}
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
