[jboss-jira] [JBoss JIRA] (JBEE-144) JACC 1.1 implementation must use exception list instead of missing method list for HTTP methods in the unchecked permissions

Stefan Guilhen (JIRA) jira-events at lists.jboss.org
Thu Sep 26 16:32:02 EDT 2013 

     [ https://issues.jboss.org/browse/JBEE-144?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stefan Guilhen deleted JBEE-144:
--------------------------------

    
> JACC 1.1 implementation must use exception list instead of missing method list for HTTP methods in the unchecked permissions
> ----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: JBEE-144
>                 URL: https://issues.jboss.org/browse/JBEE-144
>             Project: JBoss JavaEE Spec APIs
>          Issue Type: Bug
>            Reporter: Stefan Guilhen
>            Assignee: Stefan Guilhen
>
> As reported by [~jcacek]:
> The method {{org.jboss.as.web.security.WarJaccService.PatternInfo.getMissingMethods()}}  which subtracts current methods set from the "big 7" is used for constructing some unchecked permissions.
> The method exception list (i.e. exclamation mark followed by current methods) must be used instead - as defined in section 3.1.3.1 of JACC 1.1 specification.
> The specification says:
> {panel}
> h4.HTTP Method Exception List
> An HTTP method exception list is used to represent, by set difference, a non-
> enumerable subset of the set of all possible HTTP methods. An exception list
> respresents the subset of the complete set of HTTP methods formed by subtracting
> the methods named in the exception list from the complete set.
> An exception list is distinguished by its first character, which must be the
> exclaimation point (i.e., “!”) character. A comma seperated list of one or more
> HTTP method names must follow the exclaimation point.
> {panel}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list