[jbossws-issues] [JBoss JIRA] Created: (JBWS-3212) Incomplete CONFIDENTIAL transport-guarantee detection for POJO endpoint.
Darran Lofthouse (JIRA)
jira-events at lists.jboss.org
Wed Feb 9 10:46:47 EST 2011
Incomplete CONFIDENTIAL transport-guarantee detection for POJO endpoint.
------------------------------------------------------------------------
Key: JBWS-3212
URL: https://issues.jboss.org/browse/JBWS-3212
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: jbossws-native
Affects Versions: jbossws-native-3.4.1
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Fix For: jbossws-native-4.0
Take an endpoint with a servlet-mapping similar to: -
<servlet-mapping>
<servlet-name>PhoneBook</servlet-name>
<url-pattern>/PB</url-pattern>
</servlet-mapping>
If the transport-guarantee is defined as: -
<security-constraint>
<web-resource-collection>
<web-resource-name>CONFIDENTIAL</web-resource-name>
<url-pattern>/PB</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
JBossWS will detect this correctly and place a https address in the WSDL.
However if the url-pattern is changed to: -
<url-pattern>/PB/*</url-pattern>
JBoss Web will still enforce the transport-guarantee for the call JBossWS will not detect this and will present a wsdl with a http address.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jbossws-issues
mailing list