Hi,
Our product is going through a security review, and as per security it is a
breach if https://localhost:8443/gogo is accessible in any browser without
authentication. It is not a cache issue, as we can access it in a newly created
Firefox browser.
Is there any way to restrict the root /gogo URL?

Thanks
Srikanth

On Fri, Nov 11, 2016 at 8:24 AM, Felix Meschberger <fmesc...@adobe.com>
wrote:

> Hi Srikanth,
>
> This, I agree, is not ok. But unless you registered the web console to the
> root, /gogo is not a web console URL but something else (or is it a typo?)
>
> By default authentication is using HTTP Basic authentication which by
> browsers is implemented by caching as long as the browser is running. If
> you restart the browser or use a different browser, authentication should
> be requested.
>
> Regards
> Felix
>
>
> > On 11.11.2016 at 14:52, srou...@gmail.com wrote:
> >
> > Hi,
> > In this case https://localhost:8443/gogo directly displays the Karaf
> > console without asking for webconsole authorization credentials.
> >
> > Thanks
> > Srikanth
> >
> > Sent from my iPhone
> >
> >> On Nov 11, 2016, at 3:24 AM, Felix Meschberger <fmesc...@adobe.com> wrote:
> >>
> >> Hi Srikanth
> >>
> >> You are already authenticated when you access the web console. I would
> >> think that the assumption is that double authentication is nonsense.
> >>
> >> What we discussed earlier would be some form of access control, so that
> >> only certain users may access certain features. But AFAICT there has not
> >> been any work done on this front.
> >>
> >> Regards
> >> Felix
> >>
> >>> On 11.11.2016 at 00:51, Srikanth Routhu <srou...@gmail.com> wrote:
> >>>
> >>> Hi,
> >>>
> >>> We are using Karaf 3.0.7 along with webconsole, which is authenticated
> >>> using realm. SSH also uses realm for authentication. But from the Firefox
> >>> browser, the https://localhost:8443/gogo link directly accesses the Karaf
> >>> console without any authentication. How can we restrict access?
> >>>
> >>> Tried restricting “/gogo/*” from web.xml but unsuccessful.
> >>>
> >>>
> >>>
> >>> Appreciate your help.
> >>>
> >>>
> >>>
> >>> Thanks
> >>>
> >>> Srikanth
> >>
>
>
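
The thread turns on whether /gogo is really served without credentials or whether the browser is replaying cached HTTP Basic credentials. The following check is an added example, not part of the original messages or of Karaf: it requests the URL once with no Authorization header and no cookies and classifies the answer. The realm name in the comment and the self-signed certificate on localhost are assumptions.

```python
import ssl
import urllib.error
import urllib.request


def classify(status, headers):
    """Interpret the response to a request that carried no credentials."""
    h = {k.lower(): v for k, v in headers.items()}
    challenge = h.get("www-authenticate", "")  # e.g. 'Basic realm="karaf"' (constructed)
    if status == 401 and challenge:
        return "protected: " + challenge.split()[0] + " challenge"
    if status == 403:
        return "protected: forbidden"
    if status in (301, 302, 303, 307, 308):
        return "redirect: " + h.get("location", "?")
    if 200 <= status < 300:
        return "OPEN: content served without authentication"
    return "inconclusive: HTTP %d" % status


class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # do not follow; the 3xx surfaces as HTTPError


def probe(url, verify_tls=False):
    """Fetch url once with no Authorization header and no cookies."""
    ctx = ssl.create_default_context()
    if not verify_tls:  # assumption: self-signed certificate on localhost
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    opener = urllib.request.build_opener(
        NoRedirect, urllib.request.HTTPSHandler(context=ctx))
    try:
        with opener.open(url, timeout=5) as resp:
            return classify(resp.status, resp.headers)
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx arrive here
        return classify(err.code, err.headers)
    except urllib.error.URLError as err:
        return "unreachable: %s" % err.reason


if __name__ == "__main__":
    # URL taken from the thread; run against your own instance.
    print(probe("https://localhost:8443/gogo"))
```

A form-based login page also answers with 200, so an "OPEN" result should be confirmed by looking at the returned body.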
