[gatein-commits] gatein SVN: r8050 - epp/portal/branches/EPP_5_2_Branch/web/portal/src/main/webapp/WEB-INF.
do-not-reply at jboss.org
do-not-reply at jboss.org
Sat Nov 12 12:58:35 EST 2011
Author: theute
Date: 2011-11-12 12:58:35 -0500 (Sat, 12 Nov 2011)
New Revision: 8050
Modified:
epp/portal/branches/EPP_5_2_Branch/web/portal/src/main/webapp/WEB-INF/web.xml
Log:
JBEPP-1336
Potential authentication bypass issue in gatein.ear
Modified: epp/portal/branches/EPP_5_2_Branch/web/portal/src/main/webapp/WEB-INF/web.xml
===================================================================
--- epp/portal/branches/EPP_5_2_Branch/web/portal/src/main/webapp/WEB-INF/web.xml 2011-11-12 15:50:20 UTC (rev 8049)
+++ epp/portal/branches/EPP_5_2_Branch/web/portal/src/main/webapp/WEB-INF/web.xml 2011-11-12 17:58:35 UTC (rev 8050)
@@ -304,8 +304,6 @@
<url-pattern>/private/*</url-pattern>
<url-pattern>/g/*</url-pattern>
<url-pattern>/u/*</url-pattern>
- <http-method>POST</http-method>
- <http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>users</role-name>
@@ -318,8 +316,6 @@
<web-resource-collection>
<web-resource-name>admin authentication</web-resource-name>
<url-pattern>/admin/*</url-pattern>
- <http-method>POST</http-method>
- <http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
More information about the gatein-commits
mailing list