[jboss-jira] [JBoss JIRA] (WFLY-839) no logmessage if @RolesAllowed is not present on @WebService inside a secure ejb-jar
Brian Stansberry (JIRA)
issues at jboss.org
Fri Feb 7 23:20:28 EST 2014
[ https://issues.jboss.org/browse/WFLY-839?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Stansberry updated WFLY-839:
----------------------------------
Component/s: Web Services
> no logmessage if @RolesAllowed is not present on @WebService inside a secure ejb-jar
> ------------------------------------------------------------------------------------
>
> Key: WFLY-839
> URL: https://issues.jboss.org/browse/WFLY-839
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Web Services
> Reporter: Simon Walter
> Priority: Minor
>
> If a webserive with a webcontext-annotation is deployed inside a secure ejb-jar (security domain in jboss-ejb3.xml), where no web.xml is present, access to the webservice is denied without a logmessage.
> org.apache.catalina.realm.RealmBas#hasResourcePermission doesn't handle this case at all.
> There should be a logmessage if access to a resource is impossible because of this configuration error.
> Or a constraint at deployment time if a resource without a role is registered/deployed.
> This problem also occures if the @RolesAllowed-Annotation has "" as argument.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list