Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 456500 - Directory listings enabled at: https://support.redhat.com/jbossnetwork/restricted/
Summary: Directory listings enabled at: https://support.redhat.com/jbossnetwork/restri...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Customer Support Portal
Classification: Retired
Component: Other
Version: MR9
Hardware: All
OS: All
high
low
Target Milestone: ---
: ---
Assignee: Nathan Lugert
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-07-24 05:45 UTC by Takayoshi Kimura
Modified: 2009-03-13 16:23 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-03-13 16:23:24 UTC
Type: ---


Attachments (Terms of Use)

Description Takayoshi Kimura 2008-07-24 05:45:01 UTC
Description of problem:

Directory listings enabled at:
https://support.redhat.com/jbossnetwork/restricted/

It's obviously not needed.

Steps to Reproduce:
1. Login and open the URL
  
Actual results:

It shows "knowledge" directory and an jsp error page if I clicked jsp file under
the directory.

https://support.redhat.com/jbossnetwork/restricted/knowledge/editSelection.jsp

Expected results:

404 Not Found

Additional info:

Comment 1 Nathan Lugert 2009-02-18 12:26:08 UTC
Added a check in the Servlet filter "SecurityFilter" that if URL is https://support.redhat.com/jbossnetwork/restricted navigate to home page if logged in. If not logged in, navigate user to login page.

Comment 2 Nathan Lugert 2009-02-18 21:00:49 UTC
Found a bug where the lastURLSession is https://support.redhat.com/jbossnetwork/restricted then we will still get the directory listing. Need to add to the URI Map in LastURLSession object:

uriMap.put("/restricted/", "/restricted/main.html");

This fixed the problem.


Note You need to log in before you can comment on or make changes to this bug.