New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WFLY-11584] Legacy Web migrate op fails if a connector has scheme ht… #11993
Conversation
@fl4via Please review / approve. Questions I had:
So is turning this on on the basis of 'proxy-name' having been set sufficient? |
@bstansberry, @fl4via, PR amended, everything in the configuration is optional, I cannot set a parameter that might make the user setup insecure in any case, so instead of failing if no SSL configuration is found, there is a warning message and the connector is migrated as http, since that is allowed and probably expected. Let me know if that is fine with you. |
Just to let you know that this is under my radar. I'll have some time slot to look at it later today, it is on top of my todo list. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the migrateConnector if/else statements need some changes.
@@ -985,33 +982,36 @@ private void migrateConnector(OperationContext context, Map<PathAddress, ModelNo | |||
if (scheme == null || scheme.equals("http")) { | |||
newAddress = pathAddress(UndertowExtension.SUBSYSTEM_PATH, DEFAULT_SERVER_PATH, pathElement(Constants.HTTP_LISTENER, address.getLastElement().getValue())); | |||
addConnector = createAddOperation(newAddress); | |||
} else if (scheme.equals("https")) { | |||
} else if (scheme.equals("https") && legacyAddOp == null ) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that if (scheme == null || scheme.equals("http") {...} else if (scheme.equals("https")) {final ModelNode legacyAddOp =...; if (legacyAddOpp == null) {...} else {...}} else {...} is cleaner and leaves no space for bugs. The way it is right now, you are saying that no matter what is the value of scheme (we only know it is not null and not equal to "http", if we have ssl we will go to http. Is that what you intended?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You are right, only http and https values could be used but you can set there the value you like, added the changes. Thank you.
…tps and no SSL config
@bstansberry you can mark this is as ready to merge, IMO |
Retest this please |
…tps and no SSL config
Issue: https://issues.jboss.org/browse/WFLY-11584
There is a case were you can have https scheme with no configuration if working with a proxy, https scheme cannot be used to determine if it is using SSL.