Details
-
Bug
-
Status: Resolved (View Workflow)
-
Major
-
Resolution: Fixed
-
14.0.0, Meridian-2015.1.0
-
Security Level: Default (Default Security Scheme)
-
None
-
Horizon - July 5th, Horizon - July 12th, Horizon - July 26th
Description
Usually the Vaadin Applications are embedded as an iframe.
If you know the embedded url, you can get access to the application even if you are not authorized.
Example:
Login to demo.opennms.org with the demo user
Go to the following page: demo.opennms.org/opennms/osgi/jmx-config-tool
TADA you now have access to a restricted area.
Basically all osgi deployed applications are bridged AND accessible via /osgi/.