Bug 456500 - Directory listings enabled at: https://support.redhat.com/jbossnetwork/restricted/
Directory listings enabled at: https://support.redhat.com/jbossnetwork/restri...
Status: CLOSED CURRENTRELEASE
Product: JBoss Customer Support Portal
Classification: Retired
Component: Other (Show other bugs)
MR9
All All
high Severity low
: ---
: ---
Assigned To: Nathan Lugert
:
Depends On: 479422
Blocks:
  Show dependency treegraph
 
Reported: 2008-07-24 01:45 EDT by Takayoshi Kimura
Modified: 2009-03-13 12:23 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-03-13 12:23:24 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Takayoshi Kimura 2008-07-24 01:45:01 EDT
Description of problem:

Directory listings enabled at:
https://support.redhat.com/jbossnetwork/restricted/

It's obviously not needed.

Steps to Reproduce:
1. Login and open the URL
  
Actual results:

It shows "knowledge" directory and an jsp error page if I clicked jsp file under
the directory.

https://support.redhat.com/jbossnetwork/restricted/knowledge/editSelection.jsp

Expected results:

404 Not Found

Additional info:
Comment 1 Nathan Lugert 2009-02-18 07:26:08 EST
Added a check in the Servlet filter "SecurityFilter" that if URL is https://support.redhat.com/jbossnetwork/restricted navigate to home page if logged in. If not logged in, navigate user to login page.
Comment 2 Nathan Lugert 2009-02-18 16:00:49 EST
Found a bug where the lastURLSession is https://support.redhat.com/jbossnetwork/restricted then we will still get the directory listing. Need to add to the URI Map in LastURLSession object:

uriMap.put("/restricted/", "/restricted/main.html");

This fixed the problem.

Note You need to log in before you can comment on or make changes to this bug.