Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 456500

Summary: Directory listings enabled at: https://support.redhat.com/jbossnetwork/restricted/
Product: [Retired] JBoss Customer Support Portal Reporter: Takayoshi Kimura <tkimura>
Component: OtherAssignee: Nathan Lugert <nlugert>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: low Docs Contact:
Priority: high    
Version: MR9CC: fmerenda, mamburn, nyancey, tao
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-03-13 16:23:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Takayoshi Kimura 2008-07-24 05:45:01 UTC
Description of problem:

Directory listings enabled at:
https://support.redhat.com/jbossnetwork/restricted/

It's obviously not needed.

Steps to Reproduce:
1. Login and open the URL
  
Actual results:

It shows "knowledge" directory and an jsp error page if I clicked jsp file under
the directory.

https://support.redhat.com/jbossnetwork/restricted/knowledge/editSelection.jsp

Expected results:

404 Not Found

Additional info:

Comment 1 Nathan Lugert 2009-02-18 12:26:08 UTC
Added a check in the Servlet filter "SecurityFilter" that if URL is https://support.redhat.com/jbossnetwork/restricted navigate to home page if logged in. If not logged in, navigate user to login page.

Comment 2 Nathan Lugert 2009-02-18 21:00:49 UTC
Found a bug where the lastURLSession is https://support.redhat.com/jbossnetwork/restricted then we will still get the directory listing. Need to add to the URI Map in LastURLSession object:

uriMap.put("/restricted/", "/restricted/main.html");

This fixed the problem.