Bug 777803 (SOA-329)

Summary: SOA-P platform bug for: http://jira.jboss.com/jira/browse/JBPAPP-544
Product: [JBoss] JBoss Enterprise SOA Platform 4 Reporter: Len DiMaggio <ldimaggi>
Component: SecurityAssignee: Jim Ma <ema>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: 4.2 Beta 1   
Target Milestone: ---   
Target Release: 4.3 IR5   
Hardware: Unspecified   
OS: Unspecified   
URL: http://jira.jboss.org/jira/browse/SOA-329
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-10-03 18:59:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
patch4SOA-329.txt none

Description Len DiMaggio 2008-01-15 18:13:56 UTC
Date of First Response: 2008-06-06 11:03:21
project_key: SOA

http://jira.jboss.com/jira/browse/JBPAPP-544 describes a problem in the EAP release - unprotected servlets. The SOA-P release will share the same problem.

Comment 1 Len DiMaggio 2008-01-15 18:14:04 UTC
Link: Added: This issue depends JBPAPP-544


Comment 2 Julian Coleman 2008-06-06 15:03:21 UTC
This doesn't appear to be fixed in EAP 4.3.0 CP01, so the fix will not be in SOA 4.3.0 CP02.

Comment 3 trev 2008-06-30 14:19:06 UTC
It is fixed in EAP 4.3.0.CP01 but the SOA overlay console breaks the fix

Comment 4 Jim Ma 2008-07-11 10:15:38 UTC
This issue is caused by the web.xml in p-consoles is not updated.   When it is patched to SOAP standalone and embeded server, it will overwrite the fix in EAP 4.3.0 .  Attached  the patch for fixing this JIRA issue. Please help me review and apply it. 

Comment 5 Jim Ma 2008-07-11 10:17:27 UTC
Fix for this JIRA .

Comment 6 Jim Ma 2008-07-11 10:17:28 UTC
Attachment: Added: patch4SOA-329.txt


Comment 7 nwallace 2008-09-26 06:30:25 UTC
Link: Added: This issue related SOA-873


Comment 8 Len DiMaggio 2008-10-03 18:59:59 UTC
The tomcat status servlet has been moved under the password-protected web console app:

http://localhost:8080/web-console/status?full=true

Verified in IR5.