[jboss-jira] [JBoss JIRA] (WFLY-3261) Security constraint does not protect URL

Stuart Douglas (JIRA) issues at jboss.org
Fri May 16 10:11:58 EDT 2014


     [ https://issues.jboss.org/browse/WFLY-3261?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stuart Douglas resolved WFLY-3261.
----------------------------------

    Fix Version/s: 8.1.0.Final
       Resolution: Done


Caching issue should be fixed now.

> Security constraint does not protect URL
> ----------------------------------------
>
>                 Key: WFLY-3261
>                 URL: https://issues.jboss.org/browse/WFLY-3261
>             Project: WildFly
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Web (Undertow)
>    Affects Versions: 8.1.0.CR1
>            Reporter: Simon Martinelli
>            Assignee: Stuart Douglas
>             Fix For: 8.1.0.Final
>
>
> Security constraint works as expected on JBoss EAP 6.2.2 and JBoss AS 7.1.1.Final but not on WildFly
> *web.xml*
> {code:xml}
> <security-constraint>
>   <display-name>Spaces</display-name>
>   <web-resource-collection>
>     <web-resource-name>spaces</web-resource-name>
>     <url-pattern>/spaces/*</url-pattern>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>user</role-name>
>   </auth-constraint>
> </security-constraint>
> {code}
> *jboss-web.xml*
> {code:xml}
> <jboss-web>
>   <context-root>/jtaf</context-root>
>   <security-domain>jtaf</security-domain>
> </jboss-web>
> {code}
> *standalone.xml*
> {code:xml}
> <security-domain name="jtaf" cache-type="default">
>   <authentication>
>     <login-module code="Database" flag="required">
>       <module-option name="dsJndiName" value="java:jboss/datasources/MysqlDS"/>
>       <module-option name="principalsQuery" value="select secret from securityuser where email = ?"/>
>       <module-option name="rolesQuery" value="select name, 'Roles' from securitygroup where email = ?"/>
>       <module-option name="password-stacking" value="useFirstPass"/>
>       <module-option name="hashAlgorithm" value="MD5"/>
>       <module-option name="hashEncoding" value="base64"/>
>     </login-module>
>   </authentication>
> </security-domain>
> {code}



--
This message was sent by Atlassian JIRA
(v6.2.3#6260)

