Uploaded image for project: 'OpenAM Agents'
  1. OpenAM Agents
  2. AMAGENTS-1007

Invert Not Enforced URI property does not work for java agent 5

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.0.0.0
    • Fix Version/s: 5.0.0.0
    • Component/s: J2EE Agents
    • Labels:
    • Environment:
      Tomcat / Version: 5.0.0-M1 / Build Date: 20170823

      Description

      Invert Not Enforced URI property does not work for java agent 5.

      Inverts protection of URIs specified in Not Enforced URIs list. When set to true, it indicates that the URIs specified should be enforced and all other URIs should be not enforced by the Agent. (property name: com.sun.identity.agents.config.notenforced.uri.invert)

      Steps to Reproduce

      1.) Set NEU and invert it, go to Agent profil / Applications / Not Enforced Processing

      2.) Case A: Hit the page from NEU rules list: /frqa/index.jsp
      Observed result: you see the page without login
      Expected result: Page is protected and you will be redirected to AM login page

      2.) Case B: Hit different page than in NEU rules list, /frqa/ShowServlet
      Observed Result: Redirected to AM login page
      Expected Result: See page without login

       As can be seen in following logs inverting NEU is not handle. (logs for case A)

      2017-08-24 01:44:52:053 PM BST: http-nio-8080-exec-1/5/main
      URLPatternMatcher.match(http://riso-ubuntu14.test.forgerock.com:8080/frqa/index.jsp): matching by pattern: http://riso-ubuntu14.test.forgerock.com:8080/frqa/index.jsp
      2017-08-24 01:44:52:054 PM BST: http-nio-8080-exec-1/5/main
      HttpURLResourceName.compare: request resource=http://riso-ubuntu14.test.forgerock.com:8080/frqa/index.jsp; policy resource=http://riso-ubuntu14.test.forgerock.com:8080/frqa/index.jsp
      2017-08-24 01:44:52:054 PM BST: http-nio-8080-exec-1/5/main
      URLPatternMatcher.match(http://riso-ubuntu14.test.forgerock.com:8080/frqa/index.jsp): matched by pattern: http://riso-ubuntu14.test.forgerock.com:8080/frqa/index.jsp result = exact_match
      2017-08-24 01:44:52:054 PM BST: http-nio-8080-exec-1/5/main
      NotEnforcedRulePatternMatcher: classic pattern: http://riso-ubuntu14.test.forgerock.com:8080/frqa/index.jsp url: http://riso-ubuntu14.test.forgerock.com:8080/frqa/index.jsp gave: true
      2017-08-24 01:44:52:055 PM BST: http-nio-8080-exec-1/5/main
      NotEnforcedRuleHelper.isNotEnforced(http://riso-ubuntu14.test.forgerock.com:8080/frqa/index.jsp, 172.25.1.224, GET) gave a match ALL Classic URLRule will GRANT resource [http://riso-ubuntu14.test.forgerock.com:8080/frqa/index.jsp]
      2017-08-24 01:44:52:055 PM BST: http-nio-8080-exec-1/5/main
      NotEnforcedTaskHandler: The request URI http://riso-ubuntu14.test.forgerock.com:8080/frqa/index.jsp was found in NOT Enforced List
      2017-08-24 01:44:52:055 PM BST: http-nio-8080-exec-1/5/main
      Configuration: id => com.sun.identity.agents.config.amFilter.notenforced.refresh.session.idletime, value => null
      2017-08-24 01:44:52:056 PM BST: http-nio-8080-exec-1/5/main
      No configuration value for: com.sun.identity.agents.config.amFilter.notenforced.refresh.session.idletime, trying : com.sun.identity.agents.config.notenforced.refresh.session.idletime
      2017-08-24 01:44:52:056 PM BST: http-nio-8080-exec-1/5/main
      Configuration: id => com.sun.identity.agents.config.notenforced.refresh.session.idletime, value => false
      2017-08-24 01:44:52:057 PM BST: http-nio-8080-exec-1/5/main
      

        Attachments

          Activity

            People

            Assignee:
            rich.riley Rich Riley [X] (Inactive)
            Reporter:
            richard.hruza Richard Hruza
            QA Assignee:
            Richard Hruza Richard Hruza
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: