Uploaded image for project: 'Thorntail'
  1. Thorntail
  2. THORN-1755

Microprofile JWT - Method not protected

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 2017.12.1
    • Fix Version/s: 2018.4.1
    • Component/s: microprofile
    • Labels:
      None

      Description

      With Microprofile JWT - the base method of a path does not get protected.

      Example : anybody can call the connect method

      @Produces(MediaType.APPLICATION_JSON)
      @Consumes(MediaType.APPLICATION_JSON)
      @Path("/auth")
      @RolesAllowed("TEST")
      public interface AuthResource {
      
          @POST
          @Path("/refuse")
          UserAuth refuse(RefuseAuth refuseAuth);
      
          @POST
          UserAuth connect(ConnectAuth connectAuth);
      
      }
      

      I think the problem is in this class : MPJWTAuthExtensionArchivePreparer

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                mkouba Martin Kouba
                Reporter:
                jonleyo Jonathan Laterreur
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: