-
Bug
-
Resolution: Done
-
Major
-
None
-
None
As Undertow processes a deployment to convert the security constraints to a JACC Policy using JACC Permissions there is a step which adds unchecked permissions based on the HTTP methods seen so far: -
if(jbossWebMetaData.getDenyUncoveredHttpMethods() == null) { if (seenMethods.size() != NUMBER_OF_HTTP_METHODS) { WebResourcePermission wrpUnchecked = new WebResourcePermission(qurl, "!" + getCommaSeparatedString(seenMethods.toArray(new String[seenMethods.size()]))); pc.addToUncheckedPolicy(wrpUnchecked); } }
If no methods have been seen so far this can lead to an action of "!".
Where an action is null or empty String the meaning is "all methods".
Where a list of methods of prefixed with "!" the meaning is "all methods except those listed".
Where we use "Unable to render embedded object: File (" we mean all methods as we have not already encountered any, however the API does specify the syntax and a single ") not found." without any actions is invalid so for that scenario we should use null or empty String.
- is incorporated by
-
WFLY-12300 Convert to Jakarta EE 8 specification APIs
- Closed