[jboss-jira] [JBoss JIRA] Closed: (SECURITY-63) JACC: Security Constraint missing an auth-constraint needs an unchecked permission

Anil Saldhana (JIRA) jira-events at lists.jboss.org
Wed Jun 13 16:19:11 EDT 2007


     [ http://jira.jboss.com/jira/browse/SECURITY-63?page=all ]

Anil Saldhana closed SECURITY-63.
---------------------------------

    Resolution: Done

$>ant -Dtest=org.jboss.test.jacc.test.WebPermissionsValidationTestCase one-test
Buildfile: build.xml 

one-test:
   [delete] Deleting: C:\cygwin\home\asaldhana\jboss-5.0\jboss-head\testsuite\output\log\test.log
    [junit] Running org.jboss.test.jacc.test.WebPermissionsValidationTestCase
    [junit] Found log4j.xml: file:/C:/cygwin/home/asaldhana/jboss-5.0/jboss-head/testsuite/output/resources/log4j.xml
    [junit] Tests run: 1, Failures: 0, Errors: 0, Time elapsed: 0.828 sec

BUILD SUCCESSFUL
Total time: 4 seconds

> JACC: Security Constraint missing an auth-constraint needs an unchecked permission
> ----------------------------------------------------------------------------------
>
>                 Key: SECURITY-63
>                 URL: http://jira.jboss.com/jira/browse/SECURITY-63
>             Project: JBoss Security and Identity Management
>          Issue Type: Task
>      Security Level: Public(Everyone can see) 
>          Components: AS-Integration
>    Affects Versions: 2.0.GA
>            Reporter: Anil Saldhana
>         Assigned To: Anil Saldhana
>             Fix For: 2.0.1.BETA
>
>
> Given a snippet
> <security-constraint>
>       <web-resource-collection>
>          <web-resource-name>MyBit4</web-resource-name>
>          <url-pattern>/unchecked.jsp</url-pattern>
>          <http-method>POST</http-method>
>          <http-method>GET</http-method>
>       </web-resource-collection>
>       <user-data-constraint>
>          <transport-guarantee>NONE</transport-guarantee>
>       </user-data-constraint>
>    </security-constraint>
> This requires an unchecked permission added to the policy as follows:
> WebResourcePermission("/unchecked.jsp", (String) null)

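The translation described in the issue, as an added example (not JBoss code and not part of the original message): it scans a constructed web.xml for constraints without an auth-constraint and builds the unchecked WebResourcePermission for each URL pattern. The class name is hypothetical, and the javax.security.jacc API jar is assumed to be on the classpath.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.security.jacc.WebResourcePermission;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class UncheckedConstraintDemo { // hypothetical class name
    // Constructed input: the constraint quoted in the issue (no <auth-constraint>).
    static final String WEB_XML = "<web-app><security-constraint>"
        + "<web-resource-collection><web-resource-name>MyBit4</web-resource-name>"
        + "<url-pattern>/unchecked.jsp</url-pattern>"
        + "<http-method>POST</http-method><http-method>GET</http-method>"
        + "</web-resource-collection><user-data-constraint>"
        + "<transport-guarantee>NONE</transport-guarantee></user-data-constraint>"
        + "</security-constraint></web-app>";
    // Permissions a deployer would hand to PolicyConfiguration.addToUncheckedPolicy(...)
    // under the rule stated in the issue (assumption: one permission per url-pattern).
    static List<WebResourcePermission> uncheckedPermissions(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder()
            .parse(new InputSource(new StringReader(xml))).getDocumentElement();
        List<WebResourcePermission> out = new ArrayList<>();
        NodeList constraints = root.getElementsByTagName("security-constraint");
        for (int i = 0; i < constraints.getLength(); i++) {
            Element sc = (Element) constraints.item(i);
            if (sc.getElementsByTagName("auth-constraint").getLength() > 0) continue;
            NodeList patterns = sc.getElementsByTagName("url-pattern");
            for (int j = 0; j < patterns.getLength(); j++) {
                // The (String) cast selects the (String, String) constructor over
                // (String, String[]); null actions covers every HTTP method.
                out.add(new WebResourcePermission(
                    patterns.item(j).getTextContent().trim(), (String) null));
            }
        }
        return out;
    }
    public static void main(String[] args) throws Exception {
        for (WebResourcePermission p : uncheckedPermissions(WEB_XML)) {
            for (String m : new String[] {"GET", "POST", "DELETE"}) {
                System.out.println(p.getName() + " implies " + m + ": "
                    + p.implies(new WebResourcePermission(p.getName(), m)));
            }
        }
    }
}
```

Because the actions argument is null, the resulting permission implies DELETE as well as the GET and POST methods listed in the constraint.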
