-
Bug
-
Resolution: Done
-
Blocker
-
JBossAS-5.0.0.Beta2
-
None
-
Medium
With JBoss/Web, the excluded security constraints seem to be not working.
The web.xml is:
http://anonsvn.jboss.org/repos/jbossas/trunk/testsuite/src/resources/security/web-constraints/web.xml
The errors are:
http://hudson.jboss.org/hudson/view/JBoss%20AS/job/JBoss-AS-5.0.x-TestSuite-sun15-noip/lastBuild/testReport/org.jboss.test.security.test/WebConstraintsUnitTestCase(tests-security-basic-unit)/testGetAccess/
http://hudson.jboss.org/hudson/view/JBoss%20AS/job/JBoss-AS-5.0.x-TestSuite-sun15-noip/lastBuild/testReport/org.jboss.test.security.test/WebConstraintsUnitTestCase(tests-security-basic-unit)/testExcludedAccess/
Failing calls:
1) testGetAccess() [GET IS EXCLUDED as per security constraint "excluded"]
{
// Validate that the excluded subcontext if not accessible
url = new URL(baseURL+"web-constraints/restricted/get-only/excluded/x");
HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN);
2) testExcludedAccess() [Security Constraint "Excluded GET"]
public void testExcludedAccess() throws Exception
{
String baseURL = HttpUtils.getBaseURL("getUser", "getUserPass");
// Test the excluded security-constraint
URL url = new URL(baseURL+"web-constraints/excluded/x");
HttpUtils.accessURL(url, REALM, HttpURLConnection.HTTP_FORBIDDEN);
......
Remy, please tell me if it is an issue with our security layer.
