OFBiz OFBiz - Notifications

[jira] [Updated] (OFBIZ-9206) Login and logout process in demos shows a certificate issue

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Nicolas Malin (Jira)
Reply | Threaded
Open this post in threaded view
|

[jira] [Updated] (OFBIZ-9206) Login and logout process in demos shows a certificate issue

Nicolas Malin (Jira)

     [ https://issues.apache.org/jira/browse/OFBIZ-9206?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-9206:
-----------------------------------
    Attachment: OFBIZ-9206.patch

OK, it was an easy fix, I just imported
bq. <SystemProperty systemPropertyId="port.https" systemResourceId="url" systemPropertyValue=""/>
in trunk demo and all work perfectly.

I also tried to replace locally
port.https=8443
by
port.https=
in url.properties (w/o SystemProperty) and did not face any issue but with portOffset. This is due to the WebSiteProperties class works and there is also an easy fix: don't add twice the portOffset when it's build from the request, and only then. Keep it as is when it's build from a WebSite GenericValue. We then trust the user and don't rely on the request.

I attach a patch for your tests before I commit and backport and change the demo links.

In this patch I also removed the deprecated RequestHandler.getDefaultServerRootUrl() I think it was time...

> Login and logout process in demos shows a certificate issue
> -----------------------------------------------------------
>
>                 Key: OFBIZ-9206
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9206
>             Project: OFBiz
>          Issue Type: Bug
>          Components: Demo
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Minor
>         Attachments: OFBIZ-9206.patch
>
>
> When, from the site main page http://ofbiz.apache.org/, you get to the demos depending on browser (tested on Windows 7) you get some issues:
> * FF
> ** Management Apps: OK
> ** Ecommerce: OK
> * Chrome (Management Apps or Ecommerce)
> ** stable: OK
> ** old: KO - If you copy the URL by hand it works, and after even from the main page it works.
> ** trunk: OK
> * IE, same than Chrome
> If, from any browser, you logout from Management Apps you get a certificate issue. Actually as we use HSTS the browsers protect us from any 3rd party intrusions... Same issue when login in.
> So it seems we have a certificate issue after OFBIZ-7928 and INFRA-11960. Maybe it's due to how OFBiz redirects when login in or login out because, so far, only the login page is concerned...



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
Free forum by Nabble Edit this page