]
Remy Maucherat commented on JBAS-5069:
--------------------------------------
Thanks a lot :)
org.jboss.test.security.test.WebConstraintsUnitTestCase (Excluded
Access failures)
----------------------------------------------------------------------------------
Key: JBAS-5069
URL:
http://jira.jboss.com/jira/browse/JBAS-5069
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Web (Tomcat) service
Affects Versions: JBossAS-5.0.0.Beta2
Environment: org.jboss.test.security.test.WebConstraintsUnitTestCase
Reproduce:
a) Start JBoss5
b) ant -Dtest=org.jboss.test.security.test.WebConstraintsUnitTestCase one-test
Reporter: Anil Saldhana
Assigned To: Scott M Stark
Priority: Blocker
Fix For: JBossAS-5.0.0.Beta3
With JBoss/Web, the excluded security constraints seem to be not working.
The web.xml is:
http://anonsvn.jboss.org/repos/jbossas/trunk/testsuite/src/resources/secu...
The errors are:
http://hudson.jboss.org/hudson/view/JBoss%20AS/job/JBoss-AS-5.0.x-TestSui...
http://hudson.jboss.org/hudson/view/JBoss%20AS/job/JBoss-AS-5.0.x-TestSui...
Failing calls:
1) testGetAccess() [GET IS EXCLUDED as per security constraint "excluded"]
{
// Validate that the excluded subcontext if not accessible
url = new URL(baseURL+"web-constraints/restricted/get-only/excluded/x");
HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN);
2) testExcludedAccess() [Security Constraint "Excluded GET"]
public void testExcludedAccess() throws Exception
{
String baseURL = HttpUtils.getBaseURL("getUser",
"getUserPass");
// Test the excluded security-constraint
URL url = new URL(baseURL+"web-constraints/excluded/x");
HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN);
......
Remy, please tell me if it is an issue with our security layer.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: