[
https://issues.jboss.org/browse/AS7-3415?page=com.atlassian.jira.plugin.s...
]
Peter Skopek commented on AS7-3415:
-----------------------------------
Well, let be little bit more specific why it has to be the exact match.
Chapter 13.8.3 Processing Requests of the Java Servlet Specification v.3.0 says:
When a Servlet container receives a request, it shall use the algorithm described in
“Use of URL Paths” on page 95 to select the constraints (if any) defined on the url-
pattern that is *the best match* to the request URI.
I still don't see any mention of exact match to url pattern, so I think the test is
valid and the problem has to be fixed.
security-constraint/user-data-constraint/transport-guarantee in
web.xml file doesn't override setting from servlet @ServletSecurity transportGuarantee
parameter
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Key: AS7-3415
URL:
https://issues.jboss.org/browse/AS7-3415
Project: Application Server 7
Issue Type: Bug
Components: Web
Affects Versions: 7.1.0.CR1b
Reporter: Peter Skopek
Assignee: Remy Maucherat
security-constraint/user-data-constraint/transport-guarantee in web.xml file doesn't
override setting from servlet @ServletSecurity transportGuarantee parameter
{noformat}
My settings:
@ServletSecurity(@HttpConstraint(rolesAllowed = { "gooduser" },
transportGuarantee = TransportGuarantee.CONFIDENTIAL) )
web.xml excerpt:
<security-constraint>
<web-resource-collection>
<web-resource-name>sec</web-resource-name>
<url-pattern>/tgmixed/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>gooduser</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
{noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see:
http://www.atlassian.com/software/jira