Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-7967

Hawtio: direct url passes to the hawtio page without authentication

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • fuse-7.1
    • fuse-7.0, fuse-7.3
    • Hawtio, Karaf
    • None
    • % %
    • Hide

      1. Open the browser
      2. Type into URL bar any direct link. For example, "http://localhost:8181/hawtio/jmx" (Make sure you are logged out)
      3. It will pass you to the Hawtio page

      Show
      1. Open the browser 2. Type into URL bar any direct link. For example, "http://localhost:8181/hawtio/jmx" (Make sure you are logged out) 3. It will pass you to the Hawtio page
    • Fuse 7.1 Sprint 29

      It is supposed to be logged in to navigate inside Hawtio page. However, it is possible to specify a direct URL link (for example: "http://localhost:8181/hawtio/osgi") to somewhere and it will pass you without authentication.
      It will not show and load any sensitive information but still it does not look OK.

        1. hawtio-authentication-bug.webm
          2.81 MB

            abrianik Alexandre Briani Kieling
            jsolovjo Juri Solovjov
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: