[
http://jira.jboss.com/jira/browse/JBAS-4158?page=all ]
Anil Saldhana updated JBAS-4158:
--------------------------------
Description:
For the following bit:
<security-constraint>
<web-resource-collection>
<web-resource-name>SecureStuff</web-resource-name>
<url-pattern>/excluded.jsp</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint/>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
There is no need for the generation of a
WebUserDataPermission("/excluded.jsp",null) added to the unchecked policy.
was:
For the following bit:
<security-constraint>
<web-resource-collection>
<web-resource-name>SecureStuff</web-resource-name>
<url-pattern>/excluded.jsp</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint/>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
There is no need for the generation of a
WebUserDataPermission("/excluded.jsp",null)
JACC:WebUserDataPermission creation for unchecked policy should
consider excluded constraints
---------------------------------------------------------------------------------------------
Key: JBAS-4158
URL:
http://jira.jboss.com/jira/browse/JBAS-4158
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Security
Affects Versions: JBossAS-4.0.5.GA
Reporter: Anil Saldhana
Assigned To: Anil Saldhana
Fix For: JBossAS-4.2.0.CR1
For the following bit:
<security-constraint>
<web-resource-collection>
<web-resource-name>SecureStuff</web-resource-name>
<url-pattern>/excluded.jsp</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint/>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
There is no need for the generation of a
WebUserDataPermission("/excluded.jsp",null) added to the unchecked policy.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira