]
Brian Stansberry updated WFLY-839:
----------------------------------
Component/s: Web Services
no logmessage if @RolesAllowed is not present on @WebService inside a
secure ejb-jar
------------------------------------------------------------------------------------
Key: WFLY-839
URL:
https://issues.jboss.org/browse/WFLY-839
Project: WildFly
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Web Services
Reporter: Simon Walter
Priority: Minor
If a webserive with a webcontext-annotation is deployed inside a secure ejb-jar (security
domain in jboss-ejb3.xml), where no web.xml is present, access to the webservice is denied
without a logmessage.
org.apache.catalina.realm.RealmBas#hasResourcePermission doesn't handle this case at
all.
There should be a logmessage if access to a resource is impossible because of this
configuration error.
Or a constraint at deployment time if a resource without a role is registered/deployed.
This problem also occures if the @RolesAllowed-Annotation has "" as argument.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: