[
https://issues.apache.org/jira/browse/ARTEMIS-2979?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17230476#comment-17230476
]
Apache Dev commented on ARTEMIS-2979:
-------------------------------------
Hi [~jbertram],
sure, the fix has to be applied to the Hawtio codebase. I personally tried it
with success patching the "hawtio-system-2.11.0.jar" lib inside Artemis
console.war.
I will suggest the fix to Hawtio project.
However, I think this issue could be kept open, or a new task should be
created, in order to integrate the future Hawtio fix in Artemis codebase. If
it's ok for you, I will track the Hawtio issue and create an Artemis task
accordingly.
Thanks
> Web Console cannot be used with security enabled on OpenLiberty
> ---------------------------------------------------------------
>
> Key: ARTEMIS-2979
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2979
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Components: Web Console
> Affects Versions: 2.16.0
> Reporter: Apache Dev
> Priority: Blocker
>
> Accessing the web console when unauthenticated, redirects to Login page.
> However, resources accessed by login page itself are also redirected to
> login page, resulting in an blank page.
> Issue depends on Hawtio class: {{io.hawt.web.auth.LoginRedirectFilter}}
> When the resource {{[http://localhost:8161/console/js/lib-a2ca3f5f1e.js]}} is
> retrieved, the following statement in {{LoginRedirectFilter#doFilter}}
> returns an empty string:
> {code:java}
> String path = httpRequest.getServletPath();{code}
> Such empty string does not match the unsecured paths, and the request is
> redirected to login page.
> Same behaviour with other ".js" and ".css" resources.
> A more portable way to get such path in filters is the following:
> {code:java}
> String path =
> httpRequest.getRequestURI().substring(httpRequest.getContextPath().length());{code}
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
