Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-17918

[GSS](7.2.z) unsecured path warn for secured @WebService bean

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Explained
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Web Services
    • Labels:
      None
    • Target Release:
    • Steps to Reproduce:
      Hide

      Deploy attached test app

      Show
      Deploy attached test app
    • QE Test Coverage:
      +

      Description

      A secured @WebService bean hits the following warns:

      WARN  [io.undertow.servlet] (ServerService Thread Pool -- 86) UT015020: Path /TestBean is secured for some HTTP methods, however it is not secured for [TRACE, HEAD, DELETE, GET, CONNECT, OPTIONS, PUT]
      

      org.jboss.as.webservices.util.WebMetaDataHelper.newWebResourceCollection sets the applicable methods to only POST or GET/POST:

      2019-11-01 17:31:49,464 INFO  [stdout] (MSC service thread 1-2) GSS WebResourceCollectionMetaData.setHttpMethods: org.jboss.metadata.web.spec.WebResourceCollectionMetaData@bf779782{TestBean} [POST]
      2019-11-01 17:31:49,464 INFO  [stdout] (MSC service thread 1-2) org.jboss.metadata.web.spec.WebResourceCollectionMetaData.setHttpMethods(WebResourceCollectionMetaData.java:105)
      2019-11-01 17:31:49,464 INFO  [stdout] (MSC service thread 1-2) org.jboss.as.webservices.util.WebMetaDataHelper.newWebResourceCollection(WebMetaDataHelper.java:277)
      2019-11-01 17:31:49,464 INFO  [stdout] (MSC service thread 1-2) org.jboss.as.webservices.tomcat.WebMetaDataCreator.createSecurityConstraints(WebMetaDataCreator.java:240)
      

      Should that method limitation be removed to avoid such unsecured method warns?

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  iweiss Ingo Weiss
                  Reporter:
                  aogburn Aaron Ogburn
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: