[ http://jira.jboss.com/jira/browse/JBAS-5069?page=comments#action_12391589 ]
Remy Maucherat commented on JBAS-5069:
--------------------------------------
I am using an empty WAR with the web.xml you provided for testing (if a request goes
through the constraints, it will return a 500, which is good enough). Not surprisingly, I
cannot reproduce the issue in JBoss Web 2.1 standalone, but it "works" in AS
5.0. One possibility for the problem is that parsing of the web.xml is not done properly.
org.jboss.test.security.test.WebConstraintsUnitTestCase (Excluded Access failures)
----------------------------------------------------------------------------------
Key: JBAS-5069
URL: http://jira.jboss.com/jira/browse/JBAS-5069
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Web (Tomcat) service
Affects Versions: JBossAS-5.0.0.Beta2
Environment: org.jboss.test.security.test.WebConstraintsUnitTestCase
Reproduce:
a) Start JBoss5
b) ant -Dtest=org.jboss.test.security.test.WebConstraintsUnitTestCase one-test
Reporter: Anil Saldhana
Assigned To: Remy Maucherat
Fix For: JBossAS-5.0.0.Beta3
With JBoss/Web, the excluded security constraints seem to be not working.
The web.xml is:
http://anonsvn.jboss.org/repos/jbossas/trunk/testsuite/src/resources/secu...
The errors are:
http://hudson.jboss.org/hudson/view/JBoss%20AS/job/JBoss-AS-5.0.x-TestSui...
http://hudson.jboss.org/hudson/view/JBoss%20AS/job/JBoss-AS-5.0.x-TestSui...
Failing calls:
1) testGetAccess() [GET IS EXCLUDED as per security constraint "excluded"]
{
   // Validate that the excluded subcontext is not accessible
   url = new URL(baseURL+"web-constraints/restricted/get-only/excluded/x");
   HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN);
2) testExcludedAccess() [Security Constraint "Excluded GET"]
public void testExcludedAccess() throws Exception
{
   String baseURL = HttpUtils.getBaseURL("getUser", "getUserPass");
   // Test the excluded security-constraint
   URL url = new URL(baseURL+"web-constraints/excluded/x");
   HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN);
   ......
Remy, please tell me if it is an issue with our security layer.