Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-4406

JBossWS - Incomplete CONFIDENTIAL transport-guarantee detection for POJO endpoint.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • EAP_EWP 5.1.1
    • EAP 5.0.1
    • Web Services
    • None
    • Workaround Exists
    • Hide

      Remove the trailing /* from the url-pattern.

      Show
      Remove the trailing /* from the url-pattern.
    • Not Required

      Take an endpoint with a servlet-mapping similar to: -

      <servlet-mapping>
      <servlet-name>PhoneBook</servlet-name>
      <url-pattern>/PB</url-pattern>
      </servlet-mapping>

      If the transport-guarantee is defined as: -

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>CONFIDENTIAL</web-resource-name>
      <url-pattern>/PB</url-pattern>

      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>

      <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
      </security-constraint>

      JBossWS will detect this correctly and place a https address in the WSDL.

      However if the url-pattern is changed to: -

      <url-pattern>/PB/*</url-pattern>

      JBoss Web will still enforce the transport-guarantee for the call JBossWS will not detect this and will present a wsdl with a http address.

              darran.lofthouse@redhat.com Darran Lofthouse
              darran.lofthouse@redhat.com Darran Lofthouse
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: