[jboss-jira] [JBoss JIRA] Commented: (JBAS-3595) Tomcat allows http access with transport guarantie CONFIDENTIAL

Tuesday, 4 December 2007

    [ http://jira.jboss.com/jira/browse/JBAS-3595?page=comments#action_12390529 ] 

Remy Maucherat commented on JBAS-3595:
--------------------------------------

The problem is apparently that JBossWebRealm.hasUserDataPermission does some checks, and
ends up not calling the superclass (which does the redirection).

...
 Tomcat allows http access with transport guarantie CONFIDENTIAL
 ---------------------------------------------------------------

                 Key: JBAS-3595
                 URL: http://jira.jboss.com/jira/browse/JBAS-3595
             Project: JBoss Application Server
          Issue Type: Bug
      Security Level: Public(Everyone can see) 
            Reporter: Thomas Diesler
         Assigned To: Remy Maucherat
             Fix For:  JBossAS-5.0.0.Beta3

         Attachments: test.war

 The generated web.xml contains CONFIDENTIAL. Access via http:// should be denied.
 This woks in Branch_4_0
 /home/tdiesler/svn/jbossws/trunk/src/test
 [tdiesler@tdvaio test]$ ant -Dtest=org.jboss.test.ws.samples.secureejb.SecureEJBTestCase
one-test
 one-test:
     [junit] Running org.jboss.test.ws.samples.secureejb.SecureEJBTestCase
     [junit] Tests run: 5, Failures: 1, Errors: 0, Time elapsed: 5.452 sec
     [junit] Test org.jboss.test.ws.samples.secureejb.SecureEJBTestCase FAILED 
-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-jira] [JBoss JIRA] Commented: (JBAS-3595) Tomcat allows http access with transport guarantie CONFIDENTIAL