[jboss-jira] [JBoss JIRA] (AS7-3042) IPv6: Invalid redirect to Admin console (wrong IP address)

Darran Lofthouse (JIRA) jira-events at lists.jboss.org
Tue Jan 17 13:23:18 EST 2012


     [ https://issues.jboss.org/browse/AS7-3042?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse updated AS7-3042:
----------------------------------

    Fix Version/s: Open To Community
                       (was: 7.1.0.Final)
         Assignee:     (was: Darran Lofthouse)


I am postponing this issue for the moment.

The behaviour of the /console context on port 8080 is supposed to be a simple redirect so that out of the box users that connect to 8080 (most likely out of habit as that is where previous AS management was performed) can be redirected to the admin console on its dedicated port.

This redirect however is not intended to be covering every network topology that can be imagined; once a server is moving beyond the initial setup these welcome pages should be switched off and administrators connect directly to the port hosting the admin console.

For this issue one address has been bound to an IPv6 format of the loopback address and the other address to the IPv4 equivalent - really once an administrator has reached this point they are beyond trying to work out where the admin console is accessible from - also we need to be very careful regarding the information returned from port 8080 as we should not be revealing information about the internal network over this connection as we cannot actually verify the remote client has access - this is why the check is limited to verifying the same network interface is being used and relying on a best efforts redirect.

                
> IPv6: Invalid redirect to Admin console (wrong IP address)
> ----------------------------------------------------------
>
>                 Key: AS7-3042
>                 URL: https://issues.jboss.org/browse/AS7-3042
>             Project: Application Server 7
>          Issue Type: Bug
>          Components: Console, Web
>    Affects Versions: 7.1.0.Beta1b
>            Reporter: Pavel Janousek
>             Fix For: Open To Community
>
>
> This issue is some derivation from AS7-3040. Let's imagine starting server like this:
> {code}./standalone.sh -Djava.net.preferIPv4Stack=false -Djboss.bind.address=::1{code}
> So by default the admin/management is bound to _::ffff:127.0.0.1:9990_ and _::ffff:127.0.0.1:9999_, but it isn't accessible from Web WelcomePage at _::1:8080_ because the URL is specified as: {code}<a href="/console">{code} and so the next request is http://[::1]:8080/console which redirects the requester to http://[::1]:9990, but there isn't any console because it is here - http://[::ffff:127.0.0.1]:9990.
> This is not good as it could lead to integration issues between components (X trying to connect to Y on ::1; Y listening on ::ffff:127.0.0.1).
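
The same-interface check described in the comment above, sketched as an added Java example; it is not part of the original message and not JBoss AS code. The class and method names are hypothetical, and the inputs are constructed from the addresses in the report.

```java
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Optional;

public class ConsoleRedirectCheck {

    // Hypothetical helper: returns a redirect URL only when the management
    // interface is bound to the same address the request arrived on.
    static Optional<String> redirectTarget(InetAddress requestLocal,
                                           InetAddress mgmtBind, int mgmtPort) {
        // InetAddress.equals() compares address family and raw bytes, so the
        // IPv6 loopback ::1 and the IPv4 loopback 127.0.0.1 do not match.
        if (!requestLocal.equals(mgmtBind)) {
            // The client on the web port is unverified, so the management
            // address is not disclosed; the caller serves a generic page.
            return Optional.empty();
        }
        String host = mgmtBind.getHostAddress();
        if (mgmtBind instanceof Inet6Address) {
            host = "[" + host + "]"; // IPv6 literals need brackets in a URL
        }
        return Optional.of("http://" + host + ":" + mgmtPort);
    }

    public static void main(String[] args) throws UnknownHostException {
        // Constructed inputs; literal IPs are parsed without a DNS lookup.
        InetAddress web = InetAddress.getByName("::1");
        // Java turns the IPv4-mapped literal into a plain IPv4 address.
        InetAddress mgmt = InetAddress.getByName("::ffff:127.0.0.1");

        // Web and management bound to different addresses: no redirect issued.
        System.out.println(redirectTarget(web, mgmt, 9990));
        // Both bound to the same address: redirect to the management port.
        System.out.println(redirectTarget(web, web, 9990));
    }
}
```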
