Details
-
Bug
-
Resolution: Done
-
Major
-
JWS31 1.4.2 GA, JWS50 1.2.2 GA
-
None
Description
The regex expression used in the context.xml
Default config:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.d+.d+.d+|::1|0:0:0:0:0:0:0:1"/>
Command for jmproxy when run on IPv4 gives a 403 Forbidden.
# curl -4 -v -u tomcat:tomcat 'http://localhost:8080/manager/jmxproxyT/?get=Catalina%3Atype%3DServer&att=stateName'
The default context.xml looks like:
<!--
Remove the comment markers from around the Valve below to limit access to
the manager application to clients connecting from localhost
-->
<!--
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
<ResourceLink name="users" global="UserDatabase"
type="org.apache.catalina.UserDatabase"/>
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.d+.d+.d+|::1|0:0:0:0:0:0:0:1"/>
The following works for curl commands from JWS host using IPv4:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"/>
or
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+"/>
We have to add an extra escape "\" to the sed in https://github.com/jboss-openshift/cct_module/blob/master/os-jws-secure-mgmt-console/run.
Attachments
Issue Links
- clones
-
-
- Closed
-
