Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-4406

JBossWS - Incomplete CONFIDENTIAL transport-guarantee detection for POJO endpoint.

    Details

    • Workaround:
      Workaround Exists
    • Workaround Description:
      Hide

      Remove the trailing /* from the url-pattern.

      Show
      Remove the trailing /* from the url-pattern.
    • Release Notes Docs Status:
      Not Required

      Description

      Take an endpoint with a servlet-mapping similar to: -

      <servlet-mapping>
      <servlet-name>PhoneBook</servlet-name>
      <url-pattern>/PB</url-pattern>
      </servlet-mapping>

      If the transport-guarantee is defined as: -

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>CONFIDENTIAL</web-resource-name>
      <url-pattern>/PB</url-pattern>

      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>

      <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
      </security-constraint>

      JBossWS will detect this correctly and place a https address in the WSDL.

      However if the url-pattern is changed to: -

      <url-pattern>/PB/*</url-pattern>

      JBoss Web will still enforce the transport-guarantee for the call JBossWS will not detect this and will present a wsdl with a http address.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  dlofthouse Darran Lofthouse
                  Reporter:
                  dlofthouse Darran Lofthouse
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: