  1. Application Server 3 4 5 and 6
  2. JBAS-4691

JACC: Unchecked WebUserDataPermission(s) for excluded and transport guarantee use cases

    • Bug
    • Resolution: Done
    • Major
    • JBossAS-4.2.2.GA
    • JBossAS-4.2.0.GA
    • Security
    • None
    • Medium

      If security constraints exist with an excluding auth-constraint, then a WUDP needs to be added to unchecked policy for HTTP methods that are non-excluded.

      Additionally, an unchecked perm should be added for:
      /**
       * A WebResourcePermission and a WebUserDataPermission must be added to the unchecked
       * policy statements for each url-pattern in the DD and the default pattern, "/",
       * that is not combined by the webresource-collection elements of the deployment descriptor
       * with every HTTP method value. (JACC 1.0: Section 3.1.3.1)
       */

              anil.saldhana Anil Saldanha (Inactive)
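
The permission sets the description asks for, as an added example that is not part of the issue or of the JBoss code base. It assumes Java 8+ with the JACC API (and the servlet API it references) on the classpath; the `/secret/*` constraint, the fixed method list and the class name are constructed for illustration.

```java
import java.security.Permission;
import java.util.*;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebUserDataPermission;

// Added illustration (hypothetical class name); not JBoss code.
public class ExcludedConstraintTranslation {
    // Assumption: HTTP methods are enumerated explicitly from this fixed set.
    static final List<String> ALL_METHODS =
        Arrays.asList("DELETE", "GET", "HEAD", "OPTIONS", "POST", "PUT", "TRACE");

    static void dump(String policy, List<Permission> perms) {
        for (Permission p : perms) {
            System.out.println(policy + ": " + p.getClass().getSimpleName()
                + " name=" + p.getName() + " actions=" + p.getActions());
        }
    }

    public static void main(String[] args) {
        // Constructed input: <auth-constraint/> with no roles on /secret/* for GET and POST.
        String pattern = "/secret/*";
        List<String> excludedMethods = Arrays.asList("GET", "POST");
        List<Permission> excluded = new ArrayList<>();
        List<Permission> unchecked = new ArrayList<>();

        // Excluded policy: the methods the excluding constraint names.
        String denied = String.join(",", excludedMethods);
        excluded.add(new WebResourcePermission(pattern, denied));
        excluded.add(new WebUserDataPermission(pattern, denied));

        // Unchecked WUDP for the methods of that pattern that are not excluded.
        List<String> rest = new ArrayList<>(ALL_METHODS);
        rest.removeAll(excludedMethods);
        unchecked.add(new WebUserDataPermission(pattern, String.join(",", rest)));

        // Default pattern "/", qualified by the constrained pattern, so it covers
        // only URLs no web-resource-collection names; null actions = every method.
        String uncovered = "/:" + pattern;
        unchecked.add(new WebResourcePermission(uncovered, (String) null));
        unchecked.add(new WebUserDataPermission(uncovered, (String) null));

        dump("excluded", excluded);
        dump("unchecked", unchecked);
    }
}
```

Comparing this output with the permissions a container actually registers for the same descriptor shows whether the unchecked entries named in this issue are missing.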