Uploaded image for project: 'Application Server 3 4 5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-4158

JACC:WebUserDataPermission creation for unchecked policy should consider excluded constraints

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • JBossAS-4.2.0.CR1
    • JBossAS-4.0.5.GA
    • Security
    • None
    • High

    Description

      For the following bit:

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>SecureStuff</web-resource-name>
      <url-pattern>/excluded.jsp</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
      </web-resource-collection>
      <auth-constraint/>
      <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>

      There is no need for the generation of a WebUserDataPermission("/excluded.jsp",null) added to the unchecked policy.

      Attachments

        Activity

          People

            anil.saldhana Anil Saldanha (Inactive)
            anil.saldhana Anil Saldanha (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: