[jboss-cvs] JBossAS SVN: r92859 - tags/JBPAPP_5_0_0_CR3/build.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Aug 27 09:25:19 EDT 2009
Author: fnasser at redhat.com
Date: 2009-08-27 09:25:19 -0400 (Thu, 27 Aug 2009)
New Revision: 92859
Modified:
tags/JBPAPP_5_0_0_CR3/build/jbossas-5-enableauth.patch
Log:
r92844 | smarlow at redhat.com: JBPAPP-2661 Unsecured HTTP invokers
Modified: tags/JBPAPP_5_0_0_CR3/build/jbossas-5-enableauth.patch
===================================================================
--- tags/JBPAPP_5_0_0_CR3/build/jbossas-5-enableauth.patch 2009-08-27 10:58:32 UTC (rev 92858)
+++ tags/JBPAPP_5_0_0_CR3/build/jbossas-5-enableauth.patch 2009-08-27 13:25:19 UTC (rev 92859)
@@ -701,3 +701,17 @@
<!--
A template configuration for the JBossWS security domain.
This defaults to the UsersRolesLoginModule the same as other and should be
+diff -Naur server/default/deploy/http-invoker.sar/invoker.war/WEB-INF/web.xml server/default/deploy/http-invoker.sar/invoker.war/WEB-INF/web.xml
+--- server/default/deploy/http-invoker.sar/invoker.war/WEB-INF/web.xml 2009-08-26 15:57:10.000000000 -0400
++++ server/default/deploy/http-invoker.sar/invoker.war/WEB-INF/web.xml 2009-08-26 16:01:09.000000000 -0400
+@@ -156,6 +156,9 @@
+ role HttpInvoker to access the HTTP invoker servlets
+ </description>
+ <url-pattern>/restricted/*</url-pattern>
++ <url-pattern>/JNDIFactory/*</url-pattern>
++ <url-pattern>/EJBInvokerServlet/*</url-pattern>
++ <url-pattern>/JMXInvokerServlet/*</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
+ </web-resource-collection>
+
More information about the jboss-cvs-commits
mailing list