Re: [VOTE] Apache Archiva 2.2.2
Hi, your logs indicate, that you have set two values for the baseUrl property (maybe in different files) or used a comma separated list. I tried to change the configuration value to a list (i think its indeed better, to configure a list of urls instead of only one), by using UserConfiguration.getList() but found some strange behaviour: If I set the configuration entry from the web UI the value vanishes after restarting the application. Its is the same with the configuration property: security.policy.unlockable.accounts which uses getList() too and if I set a value for this property the value will be removed by the next restart. The values are saved in archiva.xml in redbackRuntimeConfiguration/ configurationProperties/... after changing at the WebGUI. After stopping, archiva.xml is OK and contains the configured value. During startup of archiva the xml-File is written and the configuration entries for rest.BaseUrl and security.policy.unlockable.accounts are replaced by empty tags. Currently I cannot find the place where this happens. And I find it very strange that this behaviour seems to be triggered by the getList() call. Other properties that use getBoolean(), getString() are not removed by a restart. Maybe, it has to do with the type that is used in the registry for these values (List instead String) but currently I'm a bit stuck. Greetings Martin Am Dienstag, 25. April 2017, 21:58:15 CEST schrieb Olivier Lamy: > I will try some debugging as well on the archiva instance. > I think yes you will have to cut an other release. > Perso I don't mind you use a new tag (2.2.3) as you prefer. > But first find the issue :-) > > On 25 April 2017 at 19:01, Martin Stockhammerwrote: > > Yes, you are right. This should be fixed. Currently I don't know why the > > host name doesn't match, but will try to reproduce. Had no reverse proxy > > environment to check this thoroughly. > > But that means I need to create a new version, right? > > > > Cheers > > > > Martin > > > > Am 25. April 2017 09:51:06 MESZ schrieb Olivier Lamy : > >> Hi > >> Yes it's behind a reverse proxy > >> logs says > >> > >> 2017-04-25 07:39:21,524 [qtp1564314458-63] WARN > >> org.apache.archiva.redback.rest.services.interceptors.RequestValidationIn > >> terceptor [] - Referer Header Host does not match > >> refererUrl=https://archiva-> >> > >> repository.apache.org/archiva/index.html?request_lang=en, targetUrl= > >> http://archiva-repository.apache.org, archiva-repository.apache.org > >> > >> The security.properties contains > >> > >> rest.baseUrl=https://archiva-repository.apache.org (I tried with https > >> as well) > >> > >> The referer header has value: https://archiva-> >> > >> repository.apache.org/archiva/index.html?request_lang=en > >> > >> Activating debug: > >> > >> 2017-04-25 07:49:00,570 [qtp749705282-29] DEBUG > >> org.apache.archiva.redback.rest.services.interceptors.RequestValidationIn > >> terceptor [] - Referer Header URL found: https://archiva-repository. > >> apache.org/archiva/index.html?request_lang=en > >> > >> 2017-04-25 07:49:00,571 [qtp749705282-29] WARN > >> org.apache.archiva.redback.rest.services.interceptors.RequestValidationIn > >> terceptor [] - Referer Header Host does not match > >> refererUrl=https://archiva-> >> > >> repository.apache.org/archiva/index.html?request_lang=en, targetUrl= > >> http://archiva-repository.apache.org, archiva-repository.apache.org > >> > >> 2017-04-25 07:49:00,571 [qtp749705282-29] WARN > >> org.apache.archiva.redback.rest.services.interceptors.RequestValidationIn > >> terceptor [] - HTTP Header check failed. Assuming CSRF attack. > >> > >> > >> Well I can disable that but I'd like to not have too many users > >> complaining :-) > >> > >> On 25 April 2017 at 16:54, Martin Stockhammer > >> > >> wrote: > >>> Hi, > >>> > >>> It's behind a reverse proxy or something similar? > >>> I think it's the request url. It is determined automatically. But you > >>> can set a redback configuration property. > >>> In security.properties set > >>> rest.baseUrl=http://archiva-repository.apache.org > >>> > >>> Cheers > >>> > >>> Martin > >>> > >>> Am 25. April 2017 01:59:29 MESZ schrieb Olivier Lamy : > Hi Martin, > Thanks for your effort with the release!! > Works fine locally, all sigs are ok! > I installed the version for > https://archiva-repository.apache.org/archiva/ > but I have a problem as cannot log anymore because some REST resources > are > marked as 403. > In this particular case: > https://archiva-repository.apache.org/archiva/restServices/archivaServi > ces/commonServices/getAllI18nResources Any idea? > > On 24 April 2017 at 05:01, Martin wrote: > Hi, > > > I think I now have everything ready and I'd like to release Apache > > Archiva > > 2.2.2 > >
Re: [VOTE] Apache Archiva 2.2.2
I will try some debugging as well on the archiva instance. I think yes you will have to cut an other release. Perso I don't mind you use a new tag (2.2.3) as you prefer. But first find the issue :-) On 25 April 2017 at 19:01, Martin Stockhammerwrote: > Yes, you are right. This should be fixed. Currently I don't know why the > host name doesn't match, but will try to reproduce. Had no reverse proxy > environment to check this thoroughly. > But that means I need to create a new version, right? > > Cheers > > Martin > > > > > > > Am 25. April 2017 09:51:06 MESZ schrieb Olivier Lamy : >> >> Hi >> Yes it's behind a reverse proxy >> logs says >> >> 2017-04-25 07:39:21,524 [qtp1564314458-63] WARN >> org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor >> [] - Referer Header Host does not match refererUrl=https://archiva- >> repository.apache.org/archiva/index.html?request_lang=en, targetUrl= >> http://archiva-repository.apache.org, archiva-repository.apache.org >> >> The security.properties contains >> >> rest.baseUrl=https://archiva-repository.apache.org (I tried with https >> as well) >> >> The referer header has value: https://archiva- >> repository.apache.org/archiva/index.html?request_lang=en >> >> Activating debug: >> >> 2017-04-25 07:49:00,570 [qtp749705282-29] DEBUG >> org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor >> [] - Referer Header URL found: https://archiva-repository. >> apache.org/archiva/index.html?request_lang=en >> >> 2017-04-25 07:49:00,571 [qtp749705282-29] WARN >> org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor >> [] - Referer Header Host does not match refererUrl=https://archiva- >> repository.apache.org/archiva/index.html?request_lang=en, targetUrl= >> http://archiva-repository.apache.org, archiva-repository.apache.org >> >> 2017-04-25 07:49:00,571 [qtp749705282-29] WARN >> org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor >> [] - HTTP Header check failed. Assuming CSRF attack. >> >> >> Well I can disable that but I'd like to not have too many users >> complaining :-) >> >> On 25 April 2017 at 16:54, Martin Stockhammer >> wrote: >> >>> Hi, >>> >>> It's behind a reverse proxy or something similar? >>> I think it's the request url. It is determined automatically. But you >>> can set a redback configuration property. >>> In security.properties set >>> rest.baseUrl=http://archiva-repository.apache.org >>> >>> Cheers >>> >>> Martin >>> >>> >>> Am 25. April 2017 01:59:29 MESZ schrieb Olivier Lamy : Hi Martin, Thanks for your effort with the release!! Works fine locally, all sigs are ok! I installed the version for https://archiva-repository.apache.org/archiva/ but I have a problem as cannot log anymore because some REST resources are marked as 403. In this particular case: https://archiva-repository.apache.org/archiva/restServices/archivaServices/commonServices/getAllI18nResources Any idea? On 24 April 2017 at 05:01, Martin wrote: Hi, > > I think I now have everything ready and I'd like to release Apache > Archiva > 2.2.2 > > Note this vote include some parent poms, and redback core. > > We fixed these issues: > https://issues.apache.org/jira/secure/ReleaseNote.jspa? > projectId=12316920=12335832 > > The staging repository is available here: > https://archiva-repository.apache.org/archiva/repository/ > archiva-releases-stage/ > > Dist artifacts here: https://dist.apache.org/repos/dist/dev/archiva/ > > Vote open for 72H > [+1] > [0] > [-1] > > Greetings > -- > Martin Stockhammer >>> -- >>> Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet. >>> >> >> >> >> -- >> Olivier Lamy >> http://twitter.com/olamy | http://linkedin.com/in/olamy >> > > -- > Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet. > -- Olivier Lamy http://twitter.com/olamy | http://linkedin.com/in/olamy
Re: [VOTE] Apache Archiva 2.2.2
Yes, you are right. This should be fixed. Currently I don't know why the host name doesn't match, but will try to reproduce. Had no reverse proxy environment to check this thoroughly. But that means I need to create a new version, right? Cheers Martin Am 25. April 2017 09:51:06 MESZ schrieb Olivier Lamy: >Hi >Yes it's behind a reverse proxy >logs says > >2017-04-25 07:39:21,524 [qtp1564314458-63] WARN >org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor >[] - Referer Header Host does not match refererUrl= >https://archiva-repository.apache.org/archiva/index.html?request_lang=en, >targetUrl=http://archiva-repository.apache.org, >archiva-repository.apache.org > >The security.properties contains > >rest.baseUrl=https://archiva-repository.apache.org (I tried with https >as >well) > >The referer header has value: >https://archiva-repository.apache.org/archiva/index.html?request_lang=en > >Activating debug: > >2017-04-25 07:49:00,570 [qtp749705282-29] DEBUG >org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor >[] - Referer Header URL found: >https://archiva-repository.apache.org/archiva/index.html?request_lang=en > >2017-04-25 07:49:00,571 [qtp749705282-29] WARN >org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor >[] - Referer Header Host does not match refererUrl= >https://archiva-repository.apache.org/archiva/index.html?request_lang=en, >targetUrl=http://archiva-repository.apache.org, >archiva-repository.apache.org > >2017-04-25 07:49:00,571 [qtp749705282-29] WARN >org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor >[] - HTTP Header check failed. Assuming CSRF attack. > > >Well I can disable that but I'd like to not have too many users >complaining >:-) > >On 25 April 2017 at 16:54, Martin Stockhammer >wrote: > >> Hi, >> >> It's behind a reverse proxy or something similar? >> I think it's the request url. It is determined automatically. But you >can >> set a redback configuration property. >> In security.properties set >> rest.baseUrl=http://archiva-repository.apache.org >> >> Cheers >> >> Martin >> >> >> Am 25. April 2017 01:59:29 MESZ schrieb Olivier Lamy > : >>> >>> Hi Martin, >>> Thanks for your effort with the release!! >>> Works fine locally, all sigs are ok! >>> I installed the version for >https://archiva-repository.apache.org/archiva/ >>> but I have a problem as cannot log anymore because some REST >resources are >>> marked as 403. >>> In this particular case: >>> >https://archiva-repository.apache.org/archiva/restServices/archivaServices/commonServices/getAllI18nResources >>> Any idea? >>> >>> On 24 April 2017 at 05:01, Martin wrote: >>> >>> Hi, I think I now have everything ready and I'd like to release Apache >Archiva 2.2.2 Note this vote include some parent poms, and redback core. We fixed these issues: https://issues.apache.org/jira/secure/ReleaseNote.jspa? projectId=12316920=12335832 The staging repository is available here: https://archiva-repository.apache.org/archiva/repository/ archiva-releases-stage/ Dist artifacts here: >https://dist.apache.org/repos/dist/dev/archiva/ Vote open for 72H [+1] [0] [-1] Greetings -- Martin Stockhammer >>> >>> >>> >>> >>> >> -- >> Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet. >> > > > >-- >Olivier Lamy >http://twitter.com/olamy | http://linkedin.com/in/olamy -- Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
Re: [VOTE] Apache Archiva 2.2.2
Hi Yes it's behind a reverse proxy logs says 2017-04-25 07:39:21,524 [qtp1564314458-63] WARN org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor [] - Referer Header Host does not match refererUrl= https://archiva-repository.apache.org/archiva/index.html?request_lang=en, targetUrl=http://archiva-repository.apache.org, archiva-repository.apache.org The security.properties contains rest.baseUrl=https://archiva-repository.apache.org (I tried with https as well) The referer header has value: https://archiva-repository.apache.org/archiva/index.html?request_lang=en Activating debug: 2017-04-25 07:49:00,570 [qtp749705282-29] DEBUG org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor [] - Referer Header URL found: https://archiva-repository.apache.org/archiva/index.html?request_lang=en 2017-04-25 07:49:00,571 [qtp749705282-29] WARN org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor [] - Referer Header Host does not match refererUrl= https://archiva-repository.apache.org/archiva/index.html?request_lang=en, targetUrl=http://archiva-repository.apache.org, archiva-repository.apache.org 2017-04-25 07:49:00,571 [qtp749705282-29] WARN org.apache.archiva.redback.rest.services.interceptors.RequestValidationInterceptor [] - HTTP Header check failed. Assuming CSRF attack. Well I can disable that but I'd like to not have too many users complaining :-) On 25 April 2017 at 16:54, Martin Stockhammerwrote: > Hi, > > It's behind a reverse proxy or something similar? > I think it's the request url. It is determined automatically. But you can > set a redback configuration property. > In security.properties set > rest.baseUrl=http://archiva-repository.apache.org > > Cheers > > Martin > > > Am 25. April 2017 01:59:29 MESZ schrieb Olivier Lamy : >> >> Hi Martin, >> Thanks for your effort with the release!! >> Works fine locally, all sigs are ok! >> I installed the version for https://archiva-repository.apache.org/archiva/ >> but I have a problem as cannot log anymore because some REST resources are >> marked as 403. >> In this particular case: >> https://archiva-repository.apache.org/archiva/restServices/archivaServices/commonServices/getAllI18nResources >> Any idea? >> >> On 24 April 2017 at 05:01, Martin wrote: >> >> Hi, >>> >>> I think I now have everything ready and I'd like to release Apache Archiva >>> 2.2.2 >>> >>> Note this vote include some parent poms, and redback core. >>> >>> We fixed these issues: >>> https://issues.apache.org/jira/secure/ReleaseNote.jspa? >>> projectId=12316920=12335832 >>> >>> The staging repository is available here: >>> https://archiva-repository.apache.org/archiva/repository/ >>> archiva-releases-stage/ >>> >>> Dist artifacts here: https://dist.apache.org/repos/dist/dev/archiva/ >>> >>> Vote open for 72H >>> [+1] >>> [0] >>> [-1] >>> >>> Greetings >>> -- >>> Martin Stockhammer >> >> >> >> >> > -- > Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet. > -- Olivier Lamy http://twitter.com/olamy | http://linkedin.com/in/olamy