Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-7967

Hawtio: direct url passes to the hawtio page without authentication

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • fuse-7.1
    • fuse-7.0, fuse-7.3
    • Hawtio, Karaf
    • None
    • % %
    • Hide

      1. Open the browser
      2. Type into URL bar any direct link. For example, "http://localhost:8181/hawtio/jmx" (Make sure you are logged out)
      3. It will pass you to the Hawtio page

      Show
      1. Open the browser 2. Type into URL bar any direct link. For example, "http://localhost:8181/hawtio/jmx" (Make sure you are logged out) 3. It will pass you to the Hawtio page
    • Fuse 7.1 Sprint 29

    Description

      It is supposed to be logged in to navigate inside Hawtio page. However, it is possible to specify a direct URL link (for example: "http://localhost:8181/hawtio/osgi") to somewhere and it will pass you without authentication.
      It will not show and load any sensitive information but still it does not look OK.

      Attachments

        Issue Links

          relates to

          Bug - A problem that impairs or prevents the functions of the product. ENTESB-10468 [Hawtio] Direct url gives an access to Hawtio without authentication

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. ENTESB-10823 [Hawtio] Direct url gives an access to Hawtio without authentication [7.3.1]

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. ENTESB-10798 [Hawtio] Direct url gives an access to Hawtio without authentication

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              abrianik Alexandre Briani Kieling
              jsolovjo Juri Solovjov
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: