[jboss-jira] [JBoss JIRA] (AS7-3415) security-constraint/user-data-constraint/transport-guarantee in web.xml file doesn't override setting from servlet @ServletSecurity transportGuarantee parameter

Peter Skopek (JIRA) jira-events at lists.jboss.org
Mon Jan 23 09:09:18 EST 2012 

    [ https://issues.jboss.org/browse/AS7-3415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12661158#comment-12661158 ] 

Peter Skopek commented on AS7-3415:
-----------------------------------

Check https://github.com/jbossas/jboss-as/pull/1187 org.jboss.as.test.integration.web.security.tg.TransportGuaranteeTestCase
The test is marked with @Ignore("AS7-3415")
                
> security-constraint/user-data-constraint/transport-guarantee in web.xml file doesn't override setting from servlet @ServletSecurity transportGuarantee parameter
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: AS7-3415
>                 URL: https://issues.jboss.org/browse/AS7-3415
>             Project: Application Server 7
>          Issue Type: Bug
>          Components: Web
>    Affects Versions: 7.1.0.CR1b
>            Reporter: Peter Skopek
>            Assignee: Remy Maucherat
>
> security-constraint/user-data-constraint/transport-guarantee in web.xml file doesn't override setting from servlet @ServletSecurity transportGuarantee parameter
> {noformat}
> My settings:
> @ServletSecurity(@HttpConstraint(rolesAllowed = { "gooduser" }, transportGuarantee = TransportGuarantee.CONFIDENTIAL) )
> web.xml excerpt:
>     <security-constraint>
>         <web-resource-collection>
>             <web-resource-name>sec</web-resource-name>
>             <url-pattern>/tgmixed/*</url-pattern>
>             <http-method>GET</http-method>
>             <http-method>POST</http-method>
>         </web-resource-collection>
>         <auth-constraint>
>             <role-name>gooduser</role-name>
>         </auth-constraint>
>         <user-data-constraint>
>             <transport-guarantee>NONE</transport-guarantee>
>         </user-data-constraint>
>     </security-constraint>
> {noformat}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list