  1. OpenAM Agents
  2. AMAGENTS-431

Not Enforced URLs Are Being Protected by Policy Agent 4.x


    Details

      Description

      Normal and usual setup for Web Agent 4.1.0 in OpenAM 13.5.0

      Not Enforced URLs : /myapp/myhub/
      Ignore Path Info for Not Enforced URLs: [Enabled]

      URL for testing : http://eave.internal.example.com:8000/myapp/myhub/API/myapp/get/allobjectswithtopic?accesstoken=IN97330accesstkn&board=MyApp+-+V2&class_id=10&filter=&grade=

      [ 4.1.0-7 ]

      2017-04-11 13:45:17.437 +0800   DEBUG [0x7f1fe6b4c700:8616][source/process.c:395] setup_request_data(): 
      method: GET 
      original url: http://eave.internal.example.com:8000/myapp/myhub/API/myapp/get/allobjectswithtopic?accesstoken=IN97330accesstkn&board=MyApp-+V2&class_id=10&filter=&grade=Class+3
      proto: http
      host: eave.internal.example.com
      port: 8000
      path: /myapp/myhub/API/myapp/get/allobjectswithtopic
      query: ?accesstoken=IN97330accesstkn&board=MyApp+-+V2&class_id=10&filter=&grade=Class+3&iname=ABCD&section=A&status=1
      complete: http://eave.internal.example.com:8000/myapp/myhub/API/myapp/get/allobjectswithtopic?accesstoken=IN97330accesstkn&board=MyApp+-+V2&class_id=10&filter=&grade=Class+3&iname=ABCD&section=A&status=1&
      overridden: http://eave.internal.example.com:8000/myapp/myhub/API/myapp/get/allobjectswithtopic?accesstoken=IN97330accesstkn&board=MyApp+-+V2&class_id=10&filter=&grade=Class+3&iname=ABCD&section=A&status=1
      pathinfo: /myhub/API/myapp/get/allobjectswithtopic
      normalized (pathinfo removed): http://eave.internal.example.com:8000/myapp?accesstoken=IN97330accesstkn&board=MyApp+-+V2&class_id=10&filter=&grade=Class+3&iname=ABCD&section=A&status=1
      overridden (pathinfo removed): (empty)
      

      It gets redirected to OpenAM for authentication

      [ 4.1.0-8]

      method: GET 
      original url: http://eave.internal.example.com:8000/myapp/myhub/API/myapp/get/allobjectswithtopic?accesstoken=IN97330accesstkn&board=MyApp+-+V2&class_id=10&filter=&grade=Class+3&iname=ABCD&section=A&status=1&
      proto: http
      host: eave.internal.example.com
      port: 8000
      path: /myapp/myhub/API/myappapp/get/allobjectswithtopic
      query: ?accesstoken=IN97330accesstkn&board=MyApp+-+V2&class_id=10&filter=&grade=Class+3&iname=ABCD&section=A&status=1
      complete: http://eave.internal.example.com:8000/myapp/myhub/API/myappapp/get/allobjectswithtopic?accesstoken=IN97330accesstkn&board=MyApp+-+V2&class_id=10&filter=&grade=Class+3&iname=ABCD&section=A&status=1
      overridden: http://eave.internal.example.com:8000/myapp/myhub/API/myapp/get/allobjectswithtopic?accesstoken=IN97330accesstkn&board=MyApp+-+V2&class_id=10&filter=&grade=Class+3&iname=ABCD&section=A&status=1
      pathinfo: 
      normalized (pathinfo removed): (empty)
      overridden (pathinfo removed): (empty)
      

      There is no redirection to OpenAM for authentication

      [ 4.1.0-9 ]

      method: GET
      original url: http://eave.internal.example.com:8000/myapp/myhub/API/myapp/get/allobjectswithtopic?accesstoken=IN97330accesstkn&board=MyApp+-+V2&class_id=10&filter=&grade=Class+3&iname=ABCD&section=A&status=1
      proto: http
      host: eave.internal.example.com
      port: 8000
      path: /myapp/myhub/API/myapp/get/allobjectswithtopic
      query: ?accesstoken=IN97330accesstkn&board=MyApp+-+V2&class_id=10&filter=&grade=Class+3&iname=ABCD&section=A&status=1
      complete: http://eave.internal.example.com:8000/myapp/myhub/API/myapp/get/allobjectswithtopic?accesstoken=IN97330accesstkn&board=MyApp+-+V2&class_id=10&filter=&grade=Class+3&iname=ABCD&section=A&status=1
      overridden: http://eave.internal.example.com:8000/myapp/myhub/API/myapp/get/allobjectswithtopic?accesstoken=IN97330accesstkn&board=MyApp+-+V2&class_id=10&filter=&grade=Class+3&iname=ABCD&section=A&status=1
      pathinfo: /myhub/API/myapp/get/allobjectswithtopic
      normalized (pathinfo removed): http://eave.internal.example.com:8000/myapp?accesstoken=IN97330accesstkn&board=MyApp+-+V2&class_id=10&filter=&grade=Class+3&iname=ABCD&section=A&status=1
      overridden (pathinfo removed): (empty)
      

      It was redirected to OpenAM for authentication

      Notice that there is a different behavior in 4.1.0-8 (which is the correct behavior, as in 3.3.4)
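An added triage example, not part of the original issue and not the agent's code: it parses debug fields like those quoted above and reports whether the Not Enforced URL still matches once path info is removed. Assumptions: a simple prefix test stands in for the agent's pattern matcher, the idea that the check runs against the "normalized (pathinfo removed)" URL is inferred from the logs, the function names are hypothetical, and the sample is abridged from the issue's log blocks.

```python
from urllib.parse import urlsplit

# Constructed sample: fields abridged from the debug blocks quoted in the issue.
LOG = """\
[ 4.1.0-7 ]
path: /myapp/myhub/API/myapp/get/allobjectswithtopic
pathinfo: /myhub/API/myapp/get/allobjectswithtopic
normalized (pathinfo removed): http://eave.internal.example.com:8000/myapp?accesstoken=IN97330accesstkn
[ 4.1.0-8 ]
path: /myapp/myhub/API/myappapp/get/allobjectswithtopic
pathinfo:
normalized (pathinfo removed): (empty)
"""

def parse_blocks(text):
    """Split the log into {version label: {field: value}}."""
    blocks, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = blocks.setdefault(line.strip("[] "), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")  # split on the first colon only
            current[key.strip()] = value.strip()
    return blocks

def matches(path, patterns):
    # Assumption: prefix match, not the agent's real wildcard matcher.
    return any(path.startswith(p) for p in patterns)

def evaluated_path(fields):
    """Path the not-enforced check appears to see (inferred from the logs)."""
    normalized = fields.get("normalized (pathinfo removed)", "")
    if normalized and normalized != "(empty)":
        return urlsplit(normalized).path
    return fields["path"]

def triage(text, patterns):
    """Compare the match on the raw path with the match after path info removal."""
    report = {}
    for label, fields in parse_blocks(text).items():
        raw = matches(fields["path"], patterns)
        effective = matches(evaluated_path(fields), patterns)
        outcome = "not enforced" if effective else "redirect to OpenAM"
        report[label] = {"raw": raw, "effective": effective, "outcome": outcome}
    return report

if __name__ == "__main__":
    for label, row in triage(LOG, ["/myapp/myhub/"]).items():
        print(label, row)
```

A request where `raw` is true but `effective` is false is one whose not-enforced rule was lost when the path info was stripped, which is the pattern the 4.1.0-7 and 4.1.0-9 logs show.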

            People

            mareks Mareks Malnacs
            sam.phua Sam Phua