Versions Compared

Old Version 17

changes.mady.by.user Dick Visser

Saved on

compared with

New Version 18

changes.mady.by.user Dick Visser

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The new Confluence feature a dedicated theme for use on mobile devices. This is great, but unfortunately both the login and logout buttons in that theme do not work - they still point to the 'old' static login/logout links.


 Login button

I couldn't find any way to do this in Confluence, so I ended up rewriting it in Apache. See the snippet in the Apache config above.

Logout button

Luckily the logout button can be configured in Confluence, but the configuration file is located inside a JAR file (Java ARchive), so it's a little bit of work. For starters, you need the jar command, which is part of openjdk-7-jdk:

...

 

Code Block
languagehtml/xml
        <action name="logout" class="com.atlassian.confluence.user.actions.LogoutAction">
            <interceptor-ref name="defaultStack"/>
            <result name="error" type="velocity">/logout.vm</result>
            <result name="success" type="redirect">/login.action?logout=true</result>
        </action>

to this:

Code Block
languagehtml/xml
        <action name="logout" class="com.atlassian.confluence.user.actions.LogoutAction">
            <interceptor-ref name="defaultStack"/>
            <result name="error" type="velocity">/logout.vm</result>
            <result name="success" type="redirect">/mellon/logout?ReturnTo=%2Fdashboard.action</result>
        </action>

 

Now "jar" everything up again and replace the original jar:

Code Block
languagebash
cd /tmp/jar
jar cf /opt/confluence/confluence/WEB-INF/lib/confluence-5.5.3.jar .

Restart Confluence. You should now also be able to use federated logins on your iPad/etc.

 

Post install 

jsessionid errors

If unauthenticated users try to access content that is protected, Confluence tries to set jsessionid as part of the URL. This leads to 404 errors like this:

Code Block
NOT FOUND
The requested URL /mellon/login;jsessionid=8A736F43779F96249F6C3DC41067BB98 was not found on this server.

Since the jsessionid part isn't needed, it can be removed uses a rewrite statement (see apache config above).

 

Limit access to the unprotected TCP port

Confluence by default listens to TCP port 8090 on all interface. Since Apache will be the internet facing application, there is no need for Confluence to listen on all interfaces. Even worse, if you do let it listen on the internet then it is trivial to add a REMOTE_USER header and spoof any account. Of course it is good practice to use a firewall to protect this port, but you can limit this in Confluence as well. Since Apache is configured to only connect to the (IPv6) localhost address, this is what you should configure Confluence to use as listening address. As per Tomcat docs, you should add an "address" attribute to the Connector, which is located in conf/server.xml:

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8090" address="::1" minProcessors="5"