[ https://issues.apache.org/jira/browse/OOZIE-2850?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15952705#comment-15952705 ]
Attila Sasvari commented on OOZIE-2850: --------------------------------------- [~rkanter] I see your point but currently there is no reference to {{oozie.service.CallbackService.base.url}} in the code ({{git grep oozie.service.CallbackService.base.url}} returns only oozie-default.xml). This part (callback handling in secure mode) is handled in {{server/src/main/java/org/apache/oozie/server/guice/ConstraintSecurityHandlerProvider.java}}; the idea was to not limit callback servlet endpoint to HTTPS requests. Here I have just noticed a bug. Currently if HTTPS is enabled, a call to {{/oozie/callback?id=0000008-170318223842826-oozie-asas-W&status=SUCCEEDED}} via HTTP will be rejected with {{HTTP ERROR: 403}} {code} Problem accessing /oozie/versions. Reason: !Secure {code} The problem is the root context path (/oozie) is not added as prefix to the unsecure contraint mapping when [{{setPathSpec()}}|https://github.com/apache/oozie/blob/e3590b420a0914d959f6cd555185ef04640c5801/server/src/main/java/org/apache/oozie/server/guice/ConstraintSecurityHandlerProvider.java#L32] is called on the ConstraintMapping object. In the latest patch I changed the server code so that it reads context path from oozie-default (from oozie.base.url). > Fix default callback notifications > ---------------------------------- > > Key: OOZIE-2850 > URL: https://issues.apache.org/jira/browse/OOZIE-2850 > Project: Oozie > Issue Type: Bug > Reporter: Attila Sasvari > Assignee: Attila Sasvari > Priority: Trivial > Attachments: OOZIE-2850-01.patch > > > Currently oozie.service.CallbackService.base.url in oozie-default.xml is set > to use > [oozie.base.url/callback| > https://github.com/apache/oozie/blob/7c404ad0ea4c61e90e8c86015de25ef196168c29/core/src/main/resources/oozie-default.xml#L1639] > which defaults to > [http://localhost:8080/oozie|https://github.com/apache/oozie/blob/7c404ad0ea4c61e90e8c86015de25ef196168c29/core/src/main/resources/oozie-default.xml#L105]. > As a result, actions finished are not detected by default. (Jetty listens on > HTTP port 11000, see [port in oozie-default.xml | > https://github.com/apache/oozie/blob/7c404ad0ea4c61e90e8c86015de25ef196168c29/core/src/main/resources/oozie-default.xml#L2535]) > {{oozie.http.hostname}} and {{oozie.http.port}} could be used in > {{oozie.base.url}} -- This message was sent by Atlassian JIRA (v6.3.15#6346)