Alfresco / ALF-13222

OpenCMIS AtomPub service description URLs don't honour SysAdminParams when building the hostnames

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 4.0 Enterprise
    • Fix Version/s: Triage
    • Component/s: CMIS and Public API
    • Security Level: external (External user)
    • Labels:
      None

      Description

      The links in the AtomPub service document for the Alfresco OpenCMIS server endpoint are currently built entirely from the HTTP request. The protocol, host and port are all taken from the request.

      This will break in cases where a proxy is in place, as the service links will in that situation use the local hostname rather than the external one.

      Instead, we should use a filter (or similar) to wrap the HttpServletRequest for CMIS to instead use the values from the SysAdminParams, which will allow the links to be generated with their external versions.

      Longer term, we should also consider allowing the new filter in OpenCMIS 0.7.0 which allows the use of the X-FORWARDED-HOST header to use the host details before the proxy.

      The Chemistry discussions on this are at <http://www.mail-archive.com/dev@chemistry.apache.org/msg01759.html>
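
One way to write the request-wrapping filter proposed in the description, as an added example that is not Alfresco or OpenCMIS code. The class name and the three init-parameter names are hypothetical (in Alfresco the values would come from SysAdminParams), and it assumes the link builder reads the protocol, host and port through `getScheme()`, `getServerName()` and `getServerPort()`.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter: link-building code behind it sees the configured
// external protocol/host/port instead of whatever the request carried.
public class ExternalUrlFilter implements Filter {
    private String scheme, host;
    private int port;

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        // Assumed parameter names; fail closed if any value is missing.
        scheme = cfg.getInitParameter("externalProtocol");
        host = cfg.getInitParameter("externalHost");
        String p = cfg.getInitParameter("externalPort");
        if (scheme == null || host == null || p == null) {
            throw new ServletException("externalProtocol, externalHost, externalPort required");
        }
        try {
            port = Integer.parseInt(p);
        } catch (NumberFormatException e) {
            throw new ServletException("externalPort must be a number", e);
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (!(req instanceof HttpServletRequest)) {
            chain.doFilter(req, res);
            return;
        }
        chain.doFilter(new HttpServletRequestWrapper((HttpServletRequest) req) {
            // Configured values: independent of the Host header and of an
            // internal http/80 hop behind an SSL-terminating load balancer.
            @Override public String getScheme() { return scheme; }
            @Override public String getServerName() { return host; }
            @Override public int getServerPort() { return port; }
            @Override public StringBuffer getRequestURL() {
                boolean dflt = ("http".equals(scheme) && port == 80)
                        || ("https".equals(scheme) && port == 443);
                StringBuffer url = new StringBuffer(scheme).append("://").append(host);
                if (!dflt) url.append(':').append(port);
                return url.append(getRequestURI());
            }
        }, res);
    }

    @Override public void destroy() { }
}
```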

        Activity

        Derek Hulley added a comment -

        What is the severity and by when do you need it fixed?

        dward added a comment -

        Use mod_proxy_ajp, i.e. use ajp in the URLs rather than http

        dward added a comment -

        Or use the ProxyPreserveHost directive?

        dward added a comment - http://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache
        Nick Burch added a comment -

        Using mod_proxy_ajp or ProxyPreserveHost won't help for the case where you have a load balancer or appliance that does the SSL termination, as the protocol will switch. (Inside will see it as port 80 http, but outside needs port 443 and https)


          People

          • Assignee: Steven Glover
          • Reporter: Nick Burch
          • Votes: 0
          • Watchers: 2
