archiva-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin <marti...@apache.org>
Subject Re: [VOTE] Apache Archiva 2.2.2
Date Tue, 25 Apr 2017 22:00:23 GMT
Hi,

your logs indicate, that you have set two values for the baseUrl property 
(maybe in different files) or used a comma separated list.

I tried to change the configuration value to a list (i think its indeed 
better, to configure a list of urls instead of only one), by using 
UserConfiguration.getList() but found some strange behaviour:
If I set the configuration entry from the web UI the value vanishes after 
restarting the application.
Its is the same with the configuration property:
  security.policy.unlockable.accounts
which uses getList() too and if I set a value for this property the value will 
be removed by the next restart.
The values are saved in archiva.xml in redbackRuntimeConfiguration/
configurationProperties/... after changing at the WebGUI.
After stopping, archiva.xml is OK and contains the configured value.
During startup of archiva the xml-File is written and the configuration 
entries for rest.BaseUrl and  security.policy.unlockable.accounts are replaced 
by empty tags.
Currently I cannot find the place where this happens. And I find it very 
strange that this behaviour seems to be triggered by the getList() call. Other 
properties that use getBoolean(), getString() are not removed by a restart.

Maybe, it has to do with the type that is used in the registry for these 
values (List instead String) but currently I'm a bit stuck.  

Greetings

Martin



Am Dienstag, 25. April 2017, 21:58:15 CEST schrieb Olivier Lamy:
> I will try some debugging as well on the archiva instance.
> I think yes you will have to cut an other release.
> Perso I don't mind you use a new tag (2.2.3) as you prefer.
> But first find the issue :-)
> 
> On 25 April 2017 at 19:01, Martin Stockhammer <martin_s@apache.org> wrote:
> > Yes, you are right. This should be fixed. Currently I don't know why the
> > host name doesn't match, but will try to reproduce. Had no reverse proxy
> > environment to check this thoroughly.
> > But that means I need to create a new version, right?
> > 
> > Cheers
> > 
> > Martin
> > 
> > Am 25. April 2017 09:51:06 MESZ schrieb Olivier Lamy <olamy@apache.org>:
> >> Hi
> >> Yes it's behind a reverse proxy
> >> logs says
> >> 
> >> 2017-04-25 07:39:21,524 [qtp1564314458-63] WARN
> >> org.apache.archiva.redback.rest.services.interceptors.RequestValidationIn
> >> terceptor [] - Referer Header Host does not match
> >> refererUrl=https://archiva-> >> repository.apache.org/archiva/index.html?request_lang=en,
targetUrl=
> >> http://archiva-repository.apache.org, archiva-repository.apache.org
> >> 
> >> The security.properties contains
> >> 
> >> rest.baseUrl=https://archiva-repository.apache.org  (I tried with https
> >> as well)
> >> 
> >> The referer header has value: https://archiva-> >> repository.apache.org/archiva/index.html?request_lang=en
> >> 
> >> Activating debug:
> >> 
> >> 2017-04-25 07:49:00,570 [qtp749705282-29] DEBUG
> >> org.apache.archiva.redback.rest.services.interceptors.RequestValidationIn
> >> terceptor [] - Referer Header URL found: https://archiva-repository.
> >> apache.org/archiva/index.html?request_lang=en
> >> 
> >> 2017-04-25 07:49:00,571 [qtp749705282-29] WARN
> >> org.apache.archiva.redback.rest.services.interceptors.RequestValidationIn
> >> terceptor [] - Referer Header Host does not match
> >> refererUrl=https://archiva-> >> repository.apache.org/archiva/index.html?request_lang=en,
targetUrl=
> >> http://archiva-repository.apache.org, archiva-repository.apache.org
> >> 
> >> 2017-04-25 07:49:00,571 [qtp749705282-29] WARN
> >> org.apache.archiva.redback.rest.services.interceptors.RequestValidationIn
> >> terceptor [] - HTTP Header check failed. Assuming CSRF attack.
> >> 
> >> 
> >> Well I can disable that but I'd like to not have too many users
> >> complaining :-)
> >> 
> >> On 25 April 2017 at 16:54, Martin Stockhammer <martin_s@apache.org>
> >> 
> >> wrote:
> >>> Hi,
> >>> 
> >>> It's behind a reverse proxy or something similar?
> >>> I think it's the request url. It is determined automatically. But you
> >>> can set a redback configuration property.
> >>> In security.properties set
> >>> rest.baseUrl=http://archiva-repository.apache.org
> >>> 
> >>> Cheers
> >>> 
> >>> Martin
> >>> 
> >>> Am 25. April 2017 01:59:29 MESZ schrieb Olivier Lamy <olamy@apache.org>:
> >>>> Hi Martin,
> >>>> Thanks for your effort with the release!!
> >>>> Works fine locally, all sigs are ok!
> >>>> I installed the version for
> >>>> https://archiva-repository.apache.org/archiva/
> >>>> but I have a problem as cannot log anymore because some REST resources
> >>>> are
> >>>> marked as 403.
> >>>> In this particular case:
> >>>> https://archiva-repository.apache.org/archiva/restServices/archivaServi
> >>>> ces/commonServices/getAllI18nResources Any idea?
> >>>> 
> >>>> On 24 April 2017 at 05:01, Martin <martin_s@apache.org> wrote:
> >>>>  Hi,
> >>>>  
> >>>>>  I think I now have everything ready and I'd like to release Apache
> >>>>>  Archiva
> >>>>>  2.2.2
> >>>>>  
> >>>>>  Note this vote include some parent poms, and redback core.
> >>>>>  
> >>>>>  We fixed these issues:
> >>>>>  https://issues.apache.org/jira/secure/ReleaseNote.jspa?
> >>>>>  projectId=12316920&version=12335832
> >>>>>  
> >>>>>  The staging repository is available here:
> >>>>>  https://archiva-repository.apache.org/archiva/repository/
> >>>>>  archiva-releases-stage/
> >>>>>  
> >>>>>  Dist artifacts here: https://dist.apache.org/repos/dist/dev/archiva/
> >>>>>  
> >>>>>  Vote open for 72H
> >>>>>  [+1]
> >>>>>  [0]
> >>>>>  [-1]
> >>>>>  
> >>>>>  Greetings
> >>>>>  --
> >>>>>  Martin Stockhammer
> >>> 
> >>> --
> >>> Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
> >> 
> >> --
> >> Olivier Lamy
> >> http://twitter.com/olamy | http://linkedin.com/in/olamy
> > 
> > --
> > Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.



Mime
View raw message