Bug 456500

Summary: Directory listings enabled at: https://support.redhat.com/jbossnetwork/restricted/
Product: [Retired] JBoss Customer Support Portal Reporter: Takayoshi Kimura <tkimura>
Component: OtherAssignee: Nathan Lugert <nlugert>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: low Docs Contact:
Priority: high    
Version: MR9CC: fmerenda, mamburn, nyancey, tao
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-03-13 12:23:24 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 479422    
Bug Blocks:    

Description Takayoshi Kimura 2008-07-24 01:45:01 EDT
Description of problem:

Directory listings enabled at:
https://support.redhat.com/jbossnetwork/restricted/

It's obviously not needed.

Steps to Reproduce:
1. Login and open the URL
  
Actual results:

It shows "knowledge" directory and an jsp error page if I clicked jsp file under
the directory.

https://support.redhat.com/jbossnetwork/restricted/knowledge/editSelection.jsp

Expected results:

404 Not Found

Additional info:
Comment 1 Nathan Lugert 2009-02-18 07:26:08 EST
Added a check in the Servlet filter "SecurityFilter" that if URL is https://support.redhat.com/jbossnetwork/restricted navigate to home page if logged in. If not logged in, navigate user to login page.
Comment 2 Nathan Lugert 2009-02-18 16:00:49 EST
Found a bug where the lastURLSession is https://support.redhat.com/jbossnetwork/restricted then we will still get the directory listing. Need to add to the URI Map in LastURLSession object:

uriMap.put("/restricted/", "/restricted/main.html");

This fixed the problem.