[jboss-jira] [JBoss JIRA] (AS7-3415) security-constraint/user-data-constraint/transport-guarantee in web.xml file doesn't override setting from servlet @ServletSecurity transportGuarantee parameter

[Peter Skopek (JIRA)]

Peter Skopek created AS7-3415:
---------------------------------

             Summary: security-constraint/user-data-constraint/transport-guarantee in web.xml file doesn't override setting from servlet @ServletSecurity transportGuarantee parameter
                 Key: AS7-3415
                 URL: https://issues.jboss.org/browse/AS7-3415
             Project: Application Server 7
          Issue Type: Bug
          Components: Web
    Affects Versions: 7.1.0.CR1b
            Reporter: Peter Skopek
            Assignee: Remy Maucherat


security-constraint/user-data-constraint/transport-guarantee in web.xml file doesn't override setting from servlet @ServletSecurity transportGuarantee parameter

{noformat}
My settings:
@ServletSecurity(@HttpConstraint(rolesAllowed = { "gooduser" }, transportGuarantee = TransportGuarantee.CONFIDENTIAL) )

web.xml excerpt:
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>sec</web-resource-name>
            <url-pattern>/tgmixed/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>gooduser</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
{noformat}


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira