Uploaded image for project: 'JBoss Web Services'
  1. JBoss Web Services
  2. JBWS-3212

Incomplete CONFIDENTIAL transport-guarantee detection for POJO endpoint.

XMLWordPrintable

    • Workaround Exists
    • Hide

      Remove the trailing /* from the URL pattern in the web.xml

      Show
      Remove the trailing /* from the URL pattern in the web.xml
    • Low

      Take an endpoint with a servlet-mapping similar to: -

      <servlet-mapping>
      <servlet-name>PhoneBook</servlet-name>
      <url-pattern>/PB</url-pattern>
      </servlet-mapping>

      If the transport-guarantee is defined as: -

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>CONFIDENTIAL</web-resource-name>
      <url-pattern>/PB</url-pattern>

      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>

      <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
      </security-constraint>

      JBossWS will detect this correctly and place a https address in the WSDL.

      However if the url-pattern is changed to: -

      <url-pattern>/PB/*</url-pattern>

      JBoss Web will still enforce the transport-guarantee for the call JBossWS will not detect this and will present a wsdl with a http address.

              darran.lofthouse@redhat.com Darran Lofthouse
              darran.lofthouse@redhat.com Darran Lofthouse
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: