[jira] [Updated] (OFBIZ-9206) Login and logout process in demos shows a certificate issue

Fri, 24 Feb 2017 13:02:31 -0800 

     [ 
https://issues.apache.org/jira/browse/OFBIZ-9206?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacques Le Roux updated OFBIZ-9206:
-----------------------------------
    Attachment: OFBIZ-9206.patch

OK, it was an easy fix, I just imported
bq. <SystemProperty systemPropertyId="port.https" systemResourceId="url" 
systemPropertyValue=""/>
in trunk demo and all work perfectly.

I also tried to replace locally
port.https=8443
by
port.https=
in url.properties (w/o SystemProperty) and did not face any issue but with 
portOffset. This is due to the WebSiteProperties class works and there is also 
an easy fix: don't add twice the portOffset when it's build from the request, 
and only then. Keep it as is when it's build from a WebSite GenericValue. We 
then trust the user and don't rely on the request.

I attach a patch for your tests before I commit and backport and change the 
demo links.

In this patch I also removed the deprecated 
RequestHandler.getDefaultServerRootUrl() I think it was time...

> Login and logout process in demos shows a certificate issue
> -----------------------------------------------------------
>
>                 Key: OFBIZ-9206
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9206
>             Project: OFBiz
>          Issue Type: Bug
>          Components: Demo
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Minor
>         Attachments: OFBIZ-9206.patch
>
>
> When, from the site main page http://ofbiz.apache.org/, you get to the demos 
> depending on browser (tested on Windows 7) you get some issues:
> * FF
> ** Management Apps: OK
> ** Ecommerce: OK
> * Chrome (Management Apps or Ecommerce)
> ** stable: OK
> ** old: KO - If you copy the URL by hand it works, and after even from the 
> main page it works.
> ** trunk: OK
> * IE, same than Chrome
> If, from any browser, you logout from Management Apps you get a certificate 
> issue. Actually as we use HSTS the browsers protect us from any 3rd party 
> intrusions... Same issue when login in.
> So it seems we have a certificate issue after OFBIZ-7928 and INFRA-11960. 
> Maybe it's due to how OFBiz redirects when login in or login out because, so 
> far, only the login page is concerned...



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to