Cannot login to RAMADDA after recent update


Julien Chastang

Mar 2, 2022, 2:24:54 PM
to ramadda
Hello RAMADDA Community,

I maintain a RAMADDA server that I have been diligently updating as a response to upstream changes due to security concerns (log4j, etc.). Recently, I noticed that I could no longer log in to our RAMADDA server:

Access to ramadda.scigw.unidata.ucar.edu was denied You don't have authorization to view this page.
HTTP ERROR 403

Though it is possible I missed something, I am not noticing anything anomalous in the logs (other than the 403 error itself).

I also tried resetting passwords as described here https://psl.noaa.gov/repository/htdocs_v5_0_5/userguide/faq.html with no happy resolution.

Any recommendations for dealing with this issue?

Thank you,

-Julien

Jeff McWhirter

Mar 2, 2022, 7:22:14 PM
to Julien Chastang, ramadda
Hi Julien,
I have not seen any problems. What is strange is that when I try to log in to your site with a bad user/password I just get a blank page in return with a 403 response.

I see that there are some extra HTTP response headers being set, e.g., x-xss-protection. Those aren't coming from RAMADDA. I assume you are running Tomcat and those are being added? Maybe something is going on with your Tomcat?

If you keep having problems I'll get a release out with some debugging around the login process

-Jeff



Julien Chastang

Mar 7, 2022, 2:32:00 PM
to ramadda
Hi Jeff,

Thanks for the quick response. I traced the problem back to this commit:

https://github.com/geodesystems/ramadda/commit/1005558661a35f06890d22877bd31383c8c4c822

which had a poor interaction with this snippet from our web.xml:

    <filter>
        <filter-name>CorsFilter</filter-name>
        <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
        <init-param>
            <param-name>cors.allowed.methods</param-name>
            <param-value>GET,POST,HEAD</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>CorsFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>


https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter

I'll work with Jen about the CORS filter.
   
Thank you again!
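
The following is an added example, not part of the thread and not RAMADDA or Tomcat code. It is a small audit of a `web.xml` that lists each `org.apache.catalina.filters.CorsFilter`, the URL patterns it is mapped to, and which documented init-params are left unset and so take Tomcat's built-in defaults (check the documentation for the Tomcat version in use). Tomcat's documentation states that requests the filter does not permit are rejected with HTTP 403, so a filter mapped to `/*` is worth checking when a login POST fails that way. The sample input is constructed from the snippet in the post; the function and field names are this example's own.

```python
import xml.etree.ElementTree as ET

CORS_CLASS = "org.apache.catalina.filters.CorsFilter"
# Init-params documented for Tomcat's CorsFilter; unset ones use Tomcat defaults.
CORS_PARAMS = ["cors.allowed.origins", "cors.allowed.methods", "cors.allowed.headers",
               "cors.exposed.headers", "cors.preflight.maxage",
               "cors.support.credentials", "cors.request.decorate"]

# Constructed sample: the filter from the post wrapped in a minimal <web-app>.
SAMPLE_WEB_XML = """<web-app>
  <filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
      <param-name>cors.allowed.methods</param-name>
      <param-value>GET,POST,HEAD</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>CorsFilter</filter-name><url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an XML namespace prefix if present

def _child_text(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def audit_cors_filters(web_xml_text):
    """Return one finding per CorsFilter declared in the deployment descriptor."""
    root = ET.fromstring(web_xml_text)
    filters, mappings = {}, {}
    for elem in root:
        kind = _local(elem.tag)
        if kind == "filter" and _child_text(elem, "filter-class") == CORS_CLASS:
            filters[_child_text(elem, "filter-name")] = {
                _child_text(p, "param-name"): _child_text(p, "param-value")
                for p in elem if _local(p.tag) == "init-param"}
        elif kind == "filter-mapping":
            pats = [(c.text or "").strip() for c in elem if _local(c.tag) == "url-pattern"]
            mappings.setdefault(_child_text(elem, "filter-name"), []).extend(pats)
    return [{"name": name, "url_patterns": mappings.get(name, []), "explicit": params,
             "defaulted": [p for p in CORS_PARAMS if p not in params],
             "covers_all_paths": "/*" in mappings.get(name, [])}
            for name, params in filters.items()]
```

For the sample, the finding shows that only `cors.allowed.methods` is set explicitly and that the filter applies to every path, including the login endpoint.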

