[jboss-jira] [JBoss JIRA] (AS7-3664) no logmessage if @RolesAllowed is not present on @WebService inside a secure ejb-jar

Simon Walter (JIRA) jira-events at lists.jboss.org
Tue Feb 7 19:00:48 EST 2012 

     [ https://issues.jboss.org/browse/AS7-3664?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Simon Walter updated AS7-3664:
------------------------------

    Description: 
If a webserive with a webcontext-annotation is deployed inside a secure ejb-jar (security domain in jboss-ejb3.xml), where no web.xml is present, access to the webservice is denied without a logmessage.
org.apache.catalina.realm.RealmBas#hasResourcePermission doesn't handle this case at all.

There should be a logmessage if access to a resource is impossible because of this configuration error.
Or a constraint at deployment time if a resource without a role is registered/deployed.

This problem also occures if the @RolesAllowed-Annotation has "" as argument.

  was:
If a webserive with a webcontext-annotation is deployed inside a secure ejb-jar (security domain in jboss-ejb3.xml), where no web.xml is present, access to the webservice is denied without a logmessage.
org.apache.catalina.realm.RealmBas#hasResourcePermission doesn't handle this case at all.

There should be a logmessage if access to a resource is impossible because of this configuration error.
Or a constraint at deployment time if a resource without a role is registered/deployed.


    
> no logmessage if @RolesAllowed is not present on @WebService inside a secure ejb-jar
> ------------------------------------------------------------------------------------
>
>                 Key: AS7-3664
>                 URL: https://issues.jboss.org/browse/AS7-3664
>             Project: Application Server 7
>          Issue Type: Bug
>    Affects Versions: 7.1.0.CR1b
>            Reporter: Simon Walter
>            Priority: Minor
>
> If a webserive with a webcontext-annotation is deployed inside a secure ejb-jar (security domain in jboss-ejb3.xml), where no web.xml is present, access to the webservice is denied without a logmessage.
> org.apache.catalina.realm.RealmBas#hasResourcePermission doesn't handle this case at all.
> There should be a logmessage if access to a resource is impossible because of this configuration error.
> Or a constraint at deployment time if a resource without a role is registered/deployed.
> This problem also occures if the @RolesAllowed-Annotation has "" as argument.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list