[jboss-jira] [JBoss JIRA] Resolved: (JBAS-5069) org.jboss.test.security.test.WebConstraintsUnitTestCase (Excluded Access failures)

Scott M Stark (JIRA) jira-events at lists.jboss.org
Fri Dec 14 03:32:51 EST 2007 

     [ http://jira.jboss.com/jira/browse/JBAS-5069?page=all ]

Scott M Stark resolved JBAS-5069.
---------------------------------

    Resolution: Done

With the code that will go into 1.0.0.Beta4, this test passes:

one-test:
    [mkdir] Created dir: /home/svn/JBossHead/jboss-head/testsuite/output/log
    [junit] Running org.jboss.test.security.test.WebConstraintsUnitTestCase
    [junit] Tests run: 4, Failures: 0, Errors: 0, Time elapsed: 13.841 sec

BUILD SUCCESSFUL


> org.jboss.test.security.test.WebConstraintsUnitTestCase (Excluded Access failures)
> ----------------------------------------------------------------------------------
>
>                 Key: JBAS-5069
>                 URL: http://jira.jboss.com/jira/browse/JBAS-5069
>             Project: JBoss Application Server
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Web (Tomcat) service
>    Affects Versions: JBossAS-5.0.0.Beta2
>         Environment: org.jboss.test.security.test.WebConstraintsUnitTestCase
> Reproduce:
> a) Start JBoss5
> b) ant -Dtest=org.jboss.test.security.test.WebConstraintsUnitTestCase one-test
>            Reporter: Anil Saldhana
>         Assigned To: Scott M Stark
>            Priority: Blocker
>             Fix For:  JBossAS-5.0.0.Beta3
>
>
> With JBoss/Web, the excluded security constraints seem to be not working.
> The web.xml is:
> http://anonsvn.jboss.org/repos/jbossas/trunk/testsuite/src/resources/security/web-constraints/web.xml
> The errors are:
> http://hudson.jboss.org/hudson/view/JBoss%20AS/job/JBoss-AS-5.0.x-TestSuite-sun15-noip/lastBuild/testReport/org.jboss.test.security.test/WebConstraintsUnitTestCase(tests-security-basic-unit)/testGetAccess/
> http://hudson.jboss.org/hudson/view/JBoss%20AS/job/JBoss-AS-5.0.x-TestSuite-sun15-noip/lastBuild/testReport/org.jboss.test.security.test/WebConstraintsUnitTestCase(tests-security-basic-unit)/testExcludedAccess/
> Failing calls:
> 1) testGetAccess()  [GET IS EXCLUDED as per security constraint "excluded"]
> {
>      // Validate that the excluded subcontext if not accessible
>       url = new URL(baseURL+"web-constraints/restricted/get-only/excluded/x");
>       HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN);
> 2) testExcludedAccess()  [Security Constraint "Excluded GET"]
>  public void testExcludedAccess() throws Exception
>    {
>       String baseURL = HttpUtils.getBaseURL("getUser", "getUserPass");
>       // Test the excluded security-constraint
>       URL url = new URL(baseURL+"web-constraints/excluded/x");
>       HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN);
> ......
> Remy, please tell me if it is an issue with our security layer.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list