Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-7252

OpenAM 12 denies access to URL including repetition of the same word

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Expired
    • Affects Version/s: 12.0.0
    • Fix Version/s: None
    • Component/s: policy, policy editor
    • Labels:
      None
    • Environment:
      Tomcat 6 Agent 3.0.3
      Java(TM) SE Runtime Environment (build 1.6.0_35-b10)
      Java HotSpot(TM) 64-Bit Server VM (build 20.10-b01, mixed mode)
      CentOS 6.5
    • Rank:
      1|hzqefj:
    • Support Ticket IDs:

      Description

      OpenAM 11.0.0 can allow to unconfigure port number of protected resources. For example:

      https://app.example.com/web/* 
      

      However, OpenAM 12.0.0 (policy editor) cannot allow it. Therefore the URL need to be changed to:

      https://app.example.com:*/web/*
      

      With this policy configuration, accessing to the following URL (including repetition of the same word such as "web" / "WEB") results in HTTP 404 error:

      https://app.example.com/web/WEB-AP1/app.jsp

      OpenAM finally determines that the URL is "sub_resource_match" instead of "wildcard_match". This problem may be caused by using String.lastIndexOf() to compare URLs.

        Attachments

          Activity

            People

            • Assignee:
              peter.major Peter Major [X] (Inactive)
              Reporter:
              kohei kohei
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: