IDEMPIERE-3940 Allow idempiereMonitor and others to work on load balancer / deactivate also the old restlet server intended to get DB info from swing client (potential security issue)

2019-03-29 14:39:27 -03:00 · 2019-03-29 14:39:27 -03:00 · 5c809d2e87
parent 4e31368f17
commit 5c809d2e87
6 changed files with 16 additions and 16 deletions
--- a/org.adempiere.base/src/org/compiere/util/WebDoc.java
+++ b/org.adempiere.base/src/org/compiere/util/WebDoc.java
@ -189,7 +189,7 @@ public class WebDoc
 			m_topRight.addElement(new img("res:org/compiere/images/iD10030.png")
 			.setAlign(AlignType.RIGHT).setAlt("iDempiere"));
 		} else {
-			m_topRight.addElement(new img("images/header-logo.png")
+			m_topRight.addElement(new img("webui/theme/default/images/header-logo.png")
 			.setAlign(AlignType.RIGHT).setAlt("iDempiere"));
 		}
 		m_topRow.addElement(m_topRight);
--- a/org.adempiere.base/src/org/compiere/util/WebLogin.java
+++ b/org.adempiere.base/src/org/compiere/util/WebLogin.java
@ -189,7 +189,7 @@ public class WebLogin
 				m_session.invalidate ();
 			}
 			//	Forward to unsecure /
-			WebUtil.createForwardPage(m_response, "Logout", "http://" + m_request.getServerName() + "/", 2);
+			WebUtil.createForwardPage(m_response, "Logout", m_request.getScheme() + "://" + m_request.getServerName() + ":" + m_request.getServerPort() + "/", 2);
 		}
 		//	Send EMail				***	Send Password EMail Request
 		else if ("SendEMail".equals(m_mode))
--- a/org.adempiere.server/META-INF/MANIFEST.MF
+++ b/org.adempiere.server/META-INF/MANIFEST.MF
@ -27,6 +27,7 @@ Import-Package: javax.jms;version="1.1.0",
 org.restlet,
 org.restlet.data,
 org.restlet.ext.servlet,
+ org.restlet.ext.servlet.internal,
 org.restlet.representation,
 org.restlet.resource,
 org.restlet.routing,
--- a/org.adempiere.server/WEB-INF/web.xml
+++ b/org.adempiere.server/WEB-INF/web.xml
@ -32,12 +32,12 @@
 		</init-param>
 		<load-on-startup>1</load-on-startup>
 	</servlet>
-	<servlet>
+	<!-- <servlet>
 		<description>iDempiere Server Status Info</description>
 		<display-name>Server Status</display-name>
 		<servlet-name>StatusInfo</servlet-name>
 		<servlet-class>org.compiere.web.StatusInfo</servlet-class>
-	</servlet>
+	</servlet> -->
 	<servlet>
 		<description>iDempiere Server Monitor</description>
 		<display-name>iDempiere Monitor</display-name>
@ -46,31 +46,30 @@
 		<load-on-startup>1</load-on-startup>
 	</servlet>
 	<!-- Restlet adapter -->
-    <servlet>
+    <!-- <servlet>
      <servlet-name>RestletServlet</servlet-name>
      <servlet-class>org.restlet.ext.servlet.ServerServlet</servlet-class>
      <init-param>
-            <!-- Application class name -->
            <param-name>org.restlet.application</param-name>
            <param-value>org.adempiere.web.server.ServerApplication</param-value>
      </init-param>
-    </servlet>
+    </servlet> -->
 	<servlet-mapping>
 		<servlet-name>JnlpDownloadServlet</servlet-name>
 		<url-pattern>*.jnlp</url-pattern>
 	</servlet-mapping>
-	<servlet-mapping>
+	<!-- <servlet-mapping>
 		<servlet-name>StatusInfo</servlet-name>
 		<url-pattern>/statusInfo</url-pattern>
-	</servlet-mapping>
+	</servlet-mapping> -->
 	<servlet-mapping>
 		<servlet-name>idempiereMonitor</servlet-name>
 		<url-pattern>/idempiereMonitor/*</url-pattern>
 	</servlet-mapping>
-	<servlet-mapping>
+	<!-- <servlet-mapping>
      <servlet-name>RestletServlet</servlet-name>
      <url-pattern>/server/*</url-pattern>
-   </servlet-mapping>
+   </servlet-mapping> -->
 	<session-config>
 		<session-timeout>15</session-timeout>
 	</session-config>
@ -95,9 +94,9 @@
 			<web-resource-name>service</web-resource-name>
 			<url-pattern>/server/*</url-pattern>
 		</web-resource-collection>
-		<user-data-constraint>
+		<!-- <user-data-constraint>
 			<transport-guarantee>CONFIDENTIAL</transport-guarantee>
-		</user-data-constraint>
+		</user-data-constraint> -->
 	</security-constraint>
 	<welcome-file-list>
 		<welcome-file>idempiere.jsp</welcome-file>
--- a/org.adempiere.webstore/WEB-INF/jspf/header.jspf
+++ b/org.adempiere.webstore/WEB-INF/jspf/header.jspf
@ -7,7 +7,7 @@
  --%>
 <div id="header">
 	<div id="headerIcon">
-	  <a href="http://<c:out value='${pageContext.request.serverName}'/>/">
+	  <a href="${pageContext.request.scheme}://<c:out value='${pageContext.request.serverName}:${pageContext.request.serverPort}'/>/">
 	  <img src="<c:out value='${ctx.webParam1}' default='AdempiereERP.gif'/>" alt="Adempiere - 1999-2007" /></a>
 	</div>
 	<div id="headerMenu">
--- a/org.adempiere.webstore/WEB-INF/web.xml
+++ b/org.adempiere.webstore/WEB-INF/web.xml
@ -31,9 +31,9 @@
 			<url-pattern>/orderServlet</url-pattern>
 		</web-resource-collection>

-		<user-data-constraint>
+		<!--  <user-data-constraint>
 			<transport-guarantee>CONFIDENTIAL</transport-guarantee>
-		</user-data-constraint>
+		</user-data-constraint> -->
 	</security-constraint>

 	<session-config>