Alfresco
  1. Alfresco
  2. ALF-13222

OpenCMIS AtomPub service description URLs don't honour SysAdminParams when building the hostnames

    Details

    • Type: Bug Bug
    • Status: New (View Workflow)
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 4.0 Enterprise
    • Fix Version/s: Triage
    • Component/s: CMIS and Public API
    • Security Level: external (External user)
    • Labels:
      None
    • Triage:
      To Do

      Description

      The links in the AtomPub service document for the Alfresco OpenCMIS server endpoint are currently built entirely from the http request. The protocol, host and port are all taken from the request.

      This will break in cases where a proxy is in place, as the service links will in that situation use the local hostname rather than the external one

      Instead, we should use a filter (or similar) to wrap the HttpServletRequest for CMIS to instead use the values from the SysAdminParams, which will allow the links to be generated with their external versions.

      Longer term, we should also consider allowing the new filter in OpenCMIS 0.7.0 which allows the use of the X-FORWARDED-HOST header to use the host details before the proxy

      The Chemistry discussions on this are at <http://www.mail-archive.com/dev@chemistry.apache.org/msg01759.html>

        Activity

        Hide
        Derek Hulley added a comment -

        What is the severity and by when do you need it fixed?

        Show
        Derek Hulley added a comment - What is the severity and by when do you need it fixed?
        Hide
        Dave Ward [X] (Inactive) added a comment -

        Use mod_proxy_ajp, i.e. use ajp in the URLs rather than http

        Show
        Dave Ward [X] (Inactive) added a comment - Use mod_proxy_ajp, i.e. use ajp in the URLs rather than http
        Hide
        Dave Ward [X] (Inactive) added a comment -

        Or use the ProxyPreserveHost directive?

        Show
        Dave Ward [X] (Inactive) added a comment - Or use the ProxyPreserveHost directive?
        Show
        Dave Ward [X] (Inactive) added a comment - http://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache
        Hide
        Nick Burch added a comment -

        Using mod_proxy_ajp or ProxyPreserveHost won't help for the case where you have a load balancer or appliance that does the SSL termination, as the protocol will switch. (Inside will see it as port 80 http, but outside needs port 443 and https)

        Show
        Nick Burch added a comment - Using mod_proxy_ajp or ProxyPreserveHost won't help for the case where you have a load balancer or appliance that does the SSL termination, as the protocol will switch. (Inside will see it as port 80 http, but outside needs port 443 and https)

          People

          • Assignee:
            PO Unassigned
            Reporter:
            Nick Burch
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Date of First Response: