Uploaded image for project: 'PicketBox '
  1. PicketBox
  2. SECURITY-63

JACC: Security Constraint missing an auth-constraint needs an unchecked permission

    XMLWordPrintable

Details

    • Task
    • Resolution: Done
    • Major
    • 2.0.1-BETA
    • 2.0.GA
    • AS-Integration
    • None
    • Medium

    Description

      Given a snippet

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>MyBit4</web-resource-name>
      <url-pattern>/unchecked.jsp</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
      </web-resource-collection>
      <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>

      This requires an unchecked permission added to the policy as follows:
      WebResourcePermission("/unchecked.jsp", (String) null))

      Attachments

        Activity

          People

            anil.saldhana Anil Saldanha (Inactive)
            anil.saldhana Anil Saldanha (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: