Uploaded image for project: 'Application Server 3 4 5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-4158

JACC:WebUserDataPermission creation for unchecked policy should consider excluded constraints

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • JBossAS-4.2.0.CR1
    • JBossAS-4.0.5.GA
    • Security
    • None
    • High

      For the following bit:

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>SecureStuff</web-resource-name>
      <url-pattern>/excluded.jsp</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
      </web-resource-collection>
      <auth-constraint/>
      <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>

      There is no need for the generation of a WebUserDataPermission("/excluded.jsp",null) added to the unchecked policy.

              anil.saldhana Anil Saldanha (Inactive)
              anil.saldhana Anil Saldanha (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: