[jboss-jira] [JBoss JIRA] (JBEE-143) JACC permissions added to the unchecked policy must be constructed using qualified pattern as their name

Stefan Guilhen (JIRA) jira-events at lists.jboss.org
Thu Sep 26 16:32:02 EDT 2013 

     [ https://issues.jboss.org/browse/JBEE-143?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stefan Guilhen deleted JBEE-143:
--------------------------------

    
>  JACC permissions added to the unchecked policy must be constructed using qualified pattern as their name
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: JBEE-143
>                 URL: https://issues.jboss.org/browse/JBEE-143
>             Project: JBoss JavaEE Spec APIs
>          Issue Type: Bug
>            Reporter: Stefan Guilhen
>            Assignee: Stefan Guilhen
>
> As reported by [~jcacek]:
> JACC 1.1 specification, chapter 3.1.3.1 Translating security-constraint Elements says:
> {panel}
> A WebResourcePermission and a WebUserDataPermission must be added to
> the unchecked policy statements for each url-pattern in the deployment
> descriptor and the default pattern, "/", that is not combined by the web-
> resource-collection elements of the deployment descriptor with every
> HTTP method value. The permission objects must be constructed using the
> *qualified pattern* as their name and with actions represented by an HTTP method
> exception list that identifies (as defined in “HTTP Method Exception List”) all the
> HTTP methods that do not occur in combination with the pattern.The resulting
> permissions must be added to the unchecked policy statements by calling the
> addToUncheckedPolicy method on the PolicyConfiguration object.
> {panel}
> but the class WarJaccService doesn't use qualified patterns (around line 170 in source code):
> {code}
> String excludedString = "!" + getCommaSeparatedString(httpMethods);
> WebResourcePermission wrp1 = new WebResourcePermission(info.pattern, excludedString);
> WebUserDataPermission wudp1 = new WebUserDataPermission(info.pattern, excludedString);
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list