[ENTESB-7967] Hawtio: direct url passes to the hawtio page without authentication - JBoss Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Done
Affects Version/s: fuse-7.0
Fix Version/s: fuse-7.1
Component/s: Hawtio, Karaf
Labels:
None
Environment:

Ubuntu 16.04
Chrome Version 65.0.3325.181
JBoss Fuse 7.0.0.fuse-000163

Steps to Reproduce:

Hide

1. Open the browser
2. Type into URL bar any direct link. For example, "http://localhost:8181/hawtio/jmx" (Make sure you are logged out)
3. It will pass you to the Hawtio page

Show
1. Open the browser 2. Type into URL bar any direct link. For example, "http://localhost:8181/hawtio/jmx" (Make sure you are logged out) 3. It will pass you to the Hawtio page
Sprint:
Fuse 7.1 Sprint 29

Description

It is supposed to be logged in to navigate inside Hawtio page. However, it is possible to specify a direct URL link (for example: "http://localhost:8181/hawtio/osgi") to somewhere and it will pass you without authentication.
It will not show and load any sensitive information but still it does not look OK.

Gliffy Diagrams

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

hawtio-authentication-bug.webm
2.81 MB
12/Apr/18 10:37 AM

Activity

People

Assignee:

Alexandre Kieling

Reporter:

Juri Solovjov

Votes:

0 Vote for this issue

Watchers:

4 Start watching this issue

Dates

Created:

12/Apr/18 10:41 AM

Updated:

27/Jun/18 9:57 AM

Resolved:

15/May/18 1:17 PM