[jboss-cvs] JBossAS SVN: r92871 - tags/JBPAPP_5_0_0_CR3/build.

[jboss-cvs-commits at lists.jboss.org]

Author: fnasser at redhat.com
Date: 2009-08-27 11:39:44 -0400 (Thu, 27 Aug 2009)
New Revision: 92871

Modified:
   tags/JBPAPP_5_0_0_CR3/build/jbossas-5-disableauth.patch
Log:
92862  by smarlow at redhat.com: JBPAPP-2661 Unsecured HTTP invokers

Modified: tags/JBPAPP_5_0_0_CR3/build/jbossas-5-disableauth.patch
===================================================================
--- tags/JBPAPP_5_0_0_CR3/build/jbossas-5-disableauth.patch	2009-08-27 15:26:04 UTC (rev 92870)
+++ tags/JBPAPP_5_0_0_CR3/build/jbossas-5-disableauth.patch	2009-08-27 15:39:44 UTC (rev 92871)
@@ -605,4 +605,17 @@
  # A sample users.properties file for use with the UsersRolesLoginModule
 -# kermit=thefrog
 +kermit=thefrog
+diff -Naur server/default/deploy/http-invoker.sar/invoker.war/WEB-INF/web.xml server/default/deploy/http-invoker.sar/invoker.war/WEB-INF/web.xml
+--- server/default/deploy/http-invoker.sar/invoker.war/WEB-INF/web.xml	2009-08-26 16:01:09.000000000 -0400
++++ server/default/deploy/http-invoker.sar/invoker.war/WEB-INF/web.xml	2009-08-26 15:57:10.000000000 -0400
+@@ -156,9 +156,6 @@
+             role HttpInvoker to access the HTTP invoker servlets
+          </description>
+          <url-pattern>/restricted/*</url-pattern>
+-         <url-pattern>/JNDIFactory/*</url-pattern>
+-         <url-pattern>/EJBInvokerServlet/*</url-pattern>
+-         <url-pattern>/JMXInvokerServlet/*</url-pattern>
+          <http-method>GET</http-method>
+          <http-method>POST</http-method>
+       </web-resource-collection>