Details
-
Bug
-
Resolution: Not a Bug
-
Major
-
None
-
None
-
None
-
+
-
Description
A secured @WebService bean hits the following warns:
WARN [io.undertow.servlet] (ServerService Thread Pool -- 86) UT015020: Path /TestBean is secured for some HTTP methods, however it is not secured for [TRACE, HEAD, DELETE, GET, CONNECT, OPTIONS, PUT]
org.jboss.as.webservices.util.WebMetaDataHelper.newWebResourceCollection sets the applicable methods to only POST or GET/POST:
2019-11-01 17:31:49,464 INFO [stdout] (MSC service thread 1-2) GSS WebResourceCollectionMetaData.setHttpMethods: org.jboss.metadata.web.spec.WebResourceCollectionMetaData@bf779782{TestBean} [POST]
2019-11-01 17:31:49,464 INFO [stdout] (MSC service thread 1-2) org.jboss.metadata.web.spec.WebResourceCollectionMetaData.setHttpMethods(WebResourceCollectionMetaData.java:105)
2019-11-01 17:31:49,464 INFO [stdout] (MSC service thread 1-2) org.jboss.as.webservices.util.WebMetaDataHelper.newWebResourceCollection(WebMetaDataHelper.java:277)
2019-11-01 17:31:49,464 INFO [stdout] (MSC service thread 1-2) org.jboss.as.webservices.tomcat.WebMetaDataCreator.createSecurityConstraints(WebMetaDataCreator.java:240)
Should that method limitation be removed to avoid such unsecured method warns?
Attachments
Issue Links
- clones
-
-
- Closed
-
- is cloned by
-
-
- Closed
-
- is related to
-
-
- Verified
-
