[
https://issues.jboss.org/browse/AS7-3415?page=com.atlassian.jira.plugin.s...
]
Remy Maucherat commented on AS7-3415:
-------------------------------------
Please provide a test WAR.
security-constraint/user-data-constraint/transport-guarantee in
web.xml file doesn't override setting from servlet @ServletSecurity transportGuarantee
parameter
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Key: AS7-3415
URL:
https://issues.jboss.org/browse/AS7-3415
Project: Application Server 7
Issue Type: Bug
Components: Web
Affects Versions: 7.1.0.CR1b
Reporter: Peter Skopek
Assignee: Remy Maucherat
security-constraint/user-data-constraint/transport-guarantee in web.xml file doesn't
override setting from servlet @ServletSecurity transportGuarantee parameter
{noformat}
My settings:
@ServletSecurity(@HttpConstraint(rolesAllowed = { "gooduser" },
transportGuarantee = TransportGuarantee.CONFIDENTIAL) )
web.xml excerpt:
<security-constraint>
<web-resource-collection>
<web-resource-name>sec</web-resource-name>
<url-pattern>/tgmixed/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>gooduser</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
{noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see:
http://www.atlassian.com/software/jira