Support Migration Notice: To update migrated JIRA cases click here to open a new case use www.vmware.com/go/sr | vFabric Hyperic 5.7.0 is Now Available

Hyperic HQ

Alert Actions have incorrect link

Details

  • Case Links:
    none
  • Regression:
    No
  • Tags:

Description

When trying to assign an item to an alert action (Example: Add to List under Notify HQ User/Notify Roles) the url to Add to List is incorrect. It points to the eid instead of the aetid. Example:

/alerts/Config.do?mode=addRoles&eid=2%3a10148&ad=10206&org.apache.catalina.filters.CSRF_NONCE=5DAF3137EB091D2F93853B68D464C085

Manually editing the url to:

/alerts/Config.do?mode=addRoles&aetid=2%3a10148&ad=10206&org.apache.catalina.filters.CSRF_NONCE=5DAF3137EB091D2F93853B68D464C085

Will yield the proper results.

Escalations, control actions, scripts seem to be unaffected

Steps to Reproduce:

1- Navigate to Administration - Monitoring Defaults -> Resource - Alerts - Win32
2-Create alert -> select OK
3- Select Notify HQ Users from the tab
4- Select Add to List
5- Select user -> Select OK

User get bounced out to the starting Resouce selection panel with the message "The specified resource does not exist." Adding the user to an escalation and assigning an escalation works as a workaround

Although I couldn't reproduce I believe it's possible for the link to "work" when the aetid equals a valid eid and the user will get added under the incorrect alert. This is why I've marked this with major priority despite there being 2 work arounds.

Activity

Hide
Wes Schlichter added a comment -

This appears to be a CSRF regression

Show
Wes Schlichter added a comment - This appears to be a CSRF regression
Hide
Wes Schlichter added a comment -

The jsp was using eid for ResourceType alert defs. Altered it to use aetid for ResourceType alert defs in both hq and hq-ee

Show
Wes Schlichter added a comment - The jsp was using eid for ResourceType alert defs. Altered it to use aetid for ResourceType alert defs in both hq and hq-ee
Hide
Wes Schlichter added a comment -

Reopened for backport into 4.6.0.2 and 4.5.2.3

Show
Wes Schlichter added a comment - Reopened for backport into 4.6.0.2 and 4.5.2.3

People

Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved:
    Last comment:
    2 years, 20 weeks, 5 days ago