From 9c017cb0420cad79b6b02ac7c572aad64e0ea0ce Mon Sep 17 00:00:00 2001 From: Taher Alkhateeb Date: Mon, 19 Jun 2023 12:23:05 +0300 Subject: [PATCH] add comment on how to enable this plugin --- readme.html | 7 +++++++ readme.md | 5 +++++ 2 files changed, 12 insertions(+) diff --git a/readme.html b/readme.html index 4160e0fe9..0f771656a 100644 --- a/readme.html +++ b/readme.html @@ -176,6 +176,13 @@

Third party

Installation

Copy restAPI.jar into the plugins directory of your Openfire server. The plugin will be automatically deployed. To upgrade to a newer version, overwrite the restAPI.jar file with the new one.

+ +

+ Important Step: To enable the plugin make sure to set the system property adminConsole.access.allow-wildcards-in-excludes to true. + Without the above step the REST API plugin always redirects to login + This was done in response to a security issue +

+

Explanation of REST

To provide a standard way of accessing the data the plugin is using REST.

diff --git a/readme.md b/readme.md index 724dbf784..a07b0e832 100644 --- a/readme.md +++ b/readme.md @@ -42,6 +42,11 @@ REST API clients are implementations of the REST API in a specific programming l Copy restAPI.jar into the plugins directory of your Openfire server. The plugin will be automatically deployed. To upgrade to a newer version, overwrite the restAPI.jar file with the new one. +*Important Step:* To enable the plugin make sure to set the system property `adminConsole.access.allow-wildcards-in-excludes` to `true` + +Without the above step the REST API plugin always [redirects to login](https://discourse.igniterealtime.org/t/when-i-upload-to-4-7-5-the-restapi-always-redirect/92892). +This was done in response to a [security issue](https://discourse.igniterealtime.org/t/cve-2023-32315-openfire-administration-console-authentication-bypass/92869). + ## Explanation of REST To provide a standard way of accessing the data the plugin is using REST.