[jboss-jira] [JBoss JIRA] Commented: (AS7-1341) Link to console on startup page fails when running in EC2/limited network with any-address

Tue Aug 16 13:50:17 EDT 2011

    [ https://issues.jboss.org/browse/AS7-1341?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12621441#comment-12621441 ] 

Darran Lofthouse commented on AS7-1341:
---------------------------------------

Reviewing this issue further the scenarios where we should be able to perform this redirect are limited, for that reason I will reduce the scope of where redirects occur.

Firstly it is intentional that the http interface is using it's own interface definition and port so that access to the admin console is not automatically made available to users that can access the connector exposed by JBoss Web.

The HTTP management service contains a NetworkInterfaceBinding that contains all the network interfaces identified as valid for the interface definition, the approach I will take is to identify the address used for the incoming address and verify that the address is assigned to one of those network interfaces, if so I will then use the host name from the original request to form the redirect.  Using the host name is also important for the https redirects as this forms a part of verifying the certificate from the server so switching to an IP address would fail that verification.

Where the incoming address does not match any of the network interfaces an information / error page will be displayed instead - in that scenario we do not even have sufficient information to identify if the end user can even reach the admin console so we will just avoid leaking internal configuration details.  

> Link to console on startup page fails when running in EC2/limited network with any-address
> ------------------------------------------------------------------------------------------
>
>                 Key: AS7-1341
>                 URL: https://issues.jboss.org/browse/AS7-1341
>             Project: Application Server 7
>          Issue Type: Bug
>          Components: Domain Management, Web
>            Reporter: Max Rydahl Andersen
>            Assignee: Darran Lofthouse
>             Fix For: 7.1.0.Alpha1
>
>
> Not sure if this is supposed to work but seems it could be detected and then handled better.
> Started AS7 on an EC2 instance with:
>  <interfaces>
>         <interface name="management">
>             <any-address/>
>         </interface>
>         <interface name="public">
>             <any-address/>
>         </interface>
>     </interfaces>
> to have it actually be available from the outside.
> Then going to http://<echostname>:8080 the http://<echohostname>:8080/console link on the frontpage redirects to http://0.0.0.0:9990/console
> which doesn't resolve to anything anywhere ;)
> I would expect an error page as when the management console is not available at all or at least use the same url as the incoming request.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira