Uploaded image for project: 'PicketBox '
  1. PicketBox
  2. SECURITY-63

JACC: Security Constraint missing an auth-constraint needs an unchecked permission

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Done
    • Icon: Major Major
    • 2.0.1-BETA
    • 2.0.GA
    • AS-Integration
    • None
    • Medium

      Given a snippet

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>MyBit4</web-resource-name>
      <url-pattern>/unchecked.jsp</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
      </web-resource-collection>
      <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
      </security-constraint>

      This requires an unchecked permission added to the policy as follows:
      WebResourcePermission("/unchecked.jsp", (String) null))

              anil.saldhana Anil Saldanha (Inactive)
              anil.saldhana Anil Saldanha (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: