[JBoss JIRA] (AS7-3664) no logmessage if @RolesAllowed is not present on @WebService inside a secure ejb-jar
5:56 p.m.
Simon Walter created AS7-3664:
---------------------------------
Summary: no logmessage if @RolesAllowed is not present on @WebService inside
a secure ejb-jar
Key: AS7-3664
URL: https://issues.jboss.org/browse/AS7-3664
Project: Application Server 7
Issue Type: Bug
Affects Versions: 7.1.0.CR1b
Reporter: Simon Walter
Priority: Minor
If a webserive with a webcontext-annotation is deployed inside a secure ejb-jar (security
domain in jboss-ejb3.xml), where no web.xml is present, access to the webservice is denied
without a logmessage.
org.apache.catalina.realm.RealmBas#hasResourcePermission doesn't handle this case at
all.
There should be a logmessage if access to a resource is impossible because of this
configuration error.
Or a constraint at deployment time if a resource without a role is registered/deployed.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
6 p.m.
[
https://issues.jboss.org/browse/AS7-3664?page=com.atlassian.jira.plugin.s...
]
Simon Walter updated AS7-3664:
------------------------------
Description:
If a webserive with a webcontext-annotation is deployed inside a secure ejb-jar (security
domain in jboss-ejb3.xml), where no web.xml is present, access to the webservice is denied
without a logmessage.
org.apache.catalina.realm.RealmBas#hasResourcePermission doesn't handle this case at
all.
There should be a logmessage if access to a resource is impossible because of this
configuration error.
Or a constraint at deployment time if a resource without a role is registered/deployed.
This problem also occures if the @RolesAllowed-Annotation has "" as argument.
was:
If a webserive with a webcontext-annotation is deployed inside a secure ejb-jar (security
domain in jboss-ejb3.xml), where no web.xml is present, access to the webservice is denied
without a logmessage.
org.apache.catalina.realm.RealmBas#hasResourcePermission doesn't handle this case at
all.
There should be a logmessage if access to a resource is impossible because of this
configuration error.
Or a constraint at deployment time if a resource without a role is registered/deployed.
no logmessage if @RolesAllowed is not present on @WebService inside a
secure ejb-jar
------------------------------------------------------------------------------------
Key: AS7-3664
URL: https://issues.jboss.org/browse/AS7-3664
Project: Application Server 7
Issue Type: Bug
Affects Versions: 7.1.0.CR1b
Reporter: Simon Walter
Priority: Minor
If a webserive with a webcontext-annotation is deployed inside a secure ejb-jar (security
domain in jboss-ejb3.xml), where no web.xml is present, access to the webservice is denied
without a logmessage.
org.apache.catalina.realm.RealmBas#hasResourcePermission doesn't handle this case at
all.
There should be a logmessage if access to a resource is impossible because of this
configuration error.
Or a constraint at deployment time if a resource without a role is registered/deployed.
This problem also occures if the @RolesAllowed-Annotation has "" as argument.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
12:26 p.m.
[
https://issues.jboss.org/browse/AS7-3664?page=com.atlassian.jira.plugin.s...
]
Brian Stansberry updated AS7-3664:
----------------------------------
Component/s: Web
no logmessage if @RolesAllowed is not present on @WebService inside a
secure ejb-jar
------------------------------------------------------------------------------------
Key: AS7-3664
URL: https://issues.jboss.org/browse/AS7-3664
Project: Application Server 7
Issue Type: Bug
Components: Web
Affects Versions: 7.1.0.CR1b
Reporter: Simon Walter
Priority: Minor
If a webserive with a webcontext-annotation is deployed inside a secure ejb-jar (security
domain in jboss-ejb3.xml), where no web.xml is present, access to the webservice is denied
without a logmessage.
org.apache.catalina.realm.RealmBas#hasResourcePermission doesn't handle this case at
all.
There should be a logmessage if access to a resource is impossible because of this
configuration error.
Or a constraint at deployment time if a resource without a role is registered/deployed.
This problem also occures if the @RolesAllowed-Annotation has "" as argument.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
5201
days inactive
5214
days old
2 comments
2 participants
participants (2)
-
Brian Stansberry (JIRA) -
Simon Walter (JIRA)