[
https://issues.jboss.org/browse/AS7-3415?page=com.atlassian.jira.plugin.s...
]
Remy Maucherat resolved AS7-3415.
---------------------------------
Resolution: Rejected
Ok, so it's invalid then. A servlet security does not apply to paths that have any
static constraint, but your constraint from web.xml is not the exact match, so it's
just there doing nothing.
You probably shouldn't be writing tests that duplicate tests in the TCK IMO.
security-constraint/user-data-constraint/transport-guarantee in web.xml file doesn't override setting from servlet @ServletSecurity transportGuarantee parameter
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Key: AS7-3415
URL: https://issues.jboss.org/browse/AS7-3415
Project: Application Server 7
Issue Type: Bug
Components: Web
Affects Versions: 7.1.0.CR1b
Reporter: Peter Skopek
Assignee: Remy Maucherat
security-constraint/user-data-constraint/transport-guarantee in web.xml file doesn't
override setting from servlet @ServletSecurity transportGuarantee parameter
{noformat}
My settings:
@ServletSecurity(@HttpConstraint(rolesAllowed = { "gooduser" },
        transportGuarantee = TransportGuarantee.CONFIDENTIAL))

web.xml excerpt:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>sec</web-resource-name>
        <url-pattern>/tgmixed/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>gooduser</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
{noformat}
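The precedence rule from the resolution comment, as an added example that is not part of the original issue or of JBoss code: a simplified Python model of how a Servlet 3.0 container selects the constraint for a request path. The servlet mapping `/tgmixed/secure` is an assumption (the issue does not state it), the function names are hypothetical, and HTTP methods are ignored.

```python
# Simplified model of Servlet 3.0 security-constraint selection; not container code.
# Assumption: the annotated servlet is mapped to /tgmixed/secure (the issue does
# not state its mapping). HTTP methods are ignored to keep the model small.

ANNOTATION = {"/tgmixed/secure": "CONFIDENTIAL"}  # @ServletSecurity on the servlet
WEB_XML = {"/tgmixed/*": "NONE"}                  # <security-constraint> from the issue


def effective_constraints(annotation, web_xml):
    """Merge both sources. A web.xml url-pattern that is an exact match for an
    annotated servlet's mapping replaces the annotation for that pattern."""
    merged = dict(annotation)
    merged.update(web_xml)
    return merged


def best_match(path, patterns):
    """Choose the url-pattern for a path: exact, longest prefix, extension, default."""
    if path in patterns:
        return path
    prefixes = [p for p in patterns
                if p.endswith("/*") and (path == p[:-2] or path.startswith(p[:-1]))]
    if prefixes:
        return max(prefixes, key=len)
    last = path.rsplit("/", 1)[-1]
    if "." in last and "*." + last.rsplit(".", 1)[1] in patterns:
        return "*." + last.rsplit(".", 1)[1]
    return "/" if "/" in patterns else None


def transport_guarantee(path, annotation, web_xml):
    """Return the transport guarantee enforced for path, or None if unconstrained."""
    constraints = effective_constraints(annotation, web_xml)
    pattern = best_match(path, constraints)
    return constraints.get(pattern)


if __name__ == "__main__":
    # Issue's setup: /tgmixed/* is not an exact match, so the annotation still wins.
    print(transport_guarantee("/tgmixed/secure", ANNOTATION, WEB_XML))
    # Exact-match pattern in web.xml: the annotation has no effect on that path.
    print(transport_guarantee("/tgmixed/secure", ANNOTATION, {"/tgmixed/secure": "NONE"}))
```

To have the descriptor's `NONE` apply to the servlet, the `url-pattern` in web.xml must equal the servlet's own mapping; a broader pattern such as `/tgmixed/*` only governs paths that have no more specific constraint.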