Uploaded image for project: 'Red Hat Process Automation Manager'
  1. Red Hat Process Automation Manager
  2. RHPAM-3914

Access to swagger /kie-server/docs return Forbidden when integrating with RHSSO

    XMLWordPrintable

Details

    • Bug
    • Resolution: Won't Do
    • Major
    • None
    • 7.11.1.GA
    • Kie-Server
    • False
    • False
    • Hide

      1) Integrate RHPAM with RHSSO following official documentation.link title

      2) Start the kie server instance.

      3) Access ""http://localhost:8080/kie-server/docs/" URL.

      Show
      1) Integrate RHPAM with RHSSO following official documentation. link title 2) Start the kie server instance. 3) Access ""http://localhost:8080/kie-server/docs/" URL.
    • 2021 Week 40-42 (from Oct 4), 2021 Week 43-45 (from Oct 25), 2021 Week 46-48 (from Nov 15), 2021 Week 49-51 (from Dec 6th), 2022 Week 02-04 (from Jan 10), 2022 Week 05-07 (from Jan 31), 2022 Week 08-10 (from Feb 21)

    Description

      Accessing "http://localhost:8080/kie-server/docs/" URL throws forbidden (403 status code) when RHPAM is integrated with RHSSO following [documentation| https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.11/html-single/integrating_red_hat_process_automation_manager_with_other_products_and_components/index#sso-kie-server-con_integrate-sso
      ].

      On debugging we found that the swagger URL is accessible if we remove the below line from "

      {RHPAM_Home}

      /standalone/deployments/kie-server.war/WEB-INF/web.xml"

      ~~~
      <deny-uncovered-http-methods />
      ~~~

      We are able to access all individual kie-server REST API URL and also able to access "business-central/docs" URL.

      Issue is always reproducible with RHSSO.

      Attachments

        Issue Links

          relates to

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-23166 [GSS](7.4.z) UNDERTOW-2211 <deny-uncovered-http-methods /> causes forbidden access for anonymous resources access.

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              rhn-support-egonzale Enrique Gonzalez Martinez (Inactive)
              rhn-support-sudnair Sudhish Nair
              Karel Suta Karel Suta
              Karel Suta Karel Suta
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: