[jboss-jira] [JBoss JIRA] Commented: (JBAS-3595) Tomcat allows http access with transport guarantee CONFIDENTIAL
Remy Maucherat (JIRA)
jira-events at lists.jboss.org
Tue Dec 4 13:35:51 EST 2007
[ http://jira.jboss.com/jira/browse/JBAS-3595?page=comments#action_12390529 ]
Remy Maucherat commented on JBAS-3595:
--------------------------------------
The problem is apparently that JBossWebRealm.hasUserDataPermission does some checks, and ends up not calling the superclass (which does the redirection).
> Tomcat allows http access with transport guarantee CONFIDENTIAL
> ---------------------------------------------------------------
>
> Key: JBAS-3595
> URL: http://jira.jboss.com/jira/browse/JBAS-3595
> Project: JBoss Application Server
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Reporter: Thomas Diesler
> Assigned To: Remy Maucherat
> Fix For: JBossAS-5.0.0.Beta3
>
> Attachments: test.war
>
>
> The generated web.xml contains CONFIDENTIAL. Access via http:// should be denied.
> This works in Branch_4_0
> /home/tdiesler/svn/jbossws/trunk/src/test
> [tdiesler at tdvaio test]$ ant -Dtest=org.jboss.test.ws.samples.secureejb.SecureEJBTestCase one-test
> one-test:
> [junit] Running org.jboss.test.ws.samples.secureejb.SecureEJBTestCase
> [junit] Tests run: 5, Failures: 1, Errors: 0, Time elapsed: 5.452 sec
> [junit] Test org.jboss.test.ws.samples.secureejb.SecureEJBTestCase FAILED
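A regression check for the behaviour this issue describes, added here as an example (it is not code from the issue, its test.war, or JBoss): it lists the url-patterns that web.xml marks CONFIDENTIAL and judges whether the answer to a plain-http request for one of them is acceptable. The web.xml fragment is constructed, and treating only an https redirect or a 403 as acceptable is an assumption of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed web.xml fragment (not the test.war attached to the issue).
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>secure</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>open</web-resource-name>
      <url-pattern>/public/*</url-pattern>
    </web-resource-collection>
  </security-constraint>
</web-app>"""

def local(tag):
    """Strip the XML namespace so the check works for any web.xml schema version."""
    return tag.rsplit("}", 1)[-1]

def confidential_patterns(web_xml):
    """Return url-patterns whose constraint declares transport-guarantee CONFIDENTIAL."""
    patterns = []
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        guarantee = [e.text.strip() for e in sc.iter() if local(e.tag) == "transport-guarantee" and e.text]
        if "CONFIDENTIAL" in guarantee:
            patterns += [e.text.strip() for e in sc.iter() if local(e.tag) == "url-pattern" and e.text]
    return patterns

def http_response_ok(status, location=None):
    """Judge the answer to a plain-http request for a CONFIDENTIAL resource."""
    if 300 <= status < 400:
        return urlsplit(location or "").scheme == "https"  # redirected to the SSL port
    return status == 403  # denied outright; anything else (e.g. 200) fails the check
```

Feed `http_response_ok` the status and `Location` header observed for each pattern returned by `confidential_patterns` when it is requested over http://.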