cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Akitoshi Yoshida (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-5864) Anonymous users are denied to call unprotected methods since 2.6.3
Date Fri, 11 Jul 2014 12:13:04 GMT

    [ https://issues.apache.org/jira/browse/CXF-5864?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14058702#comment-14058702
] 

Akitoshi Yoshida commented on CXF-5864:
---------------------------------------

hi,
I am slightly concerned with this change.

The consequence of this change means that some services that are previously not accessible
by default will suddenly be accessible after being upgraded to this newer version? 

If so, should this at least be explicitly mentioned in the release note to warn those who
unknowingly assumed the previous behaviour?

regards, aki


> Anonymous users are denied to call unprotected methods since 2.6.3
> ------------------------------------------------------------------
>
>                 Key: CXF-5864
>                 URL: https://issues.apache.org/jira/browse/CXF-5864
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 2.6.3
>            Reporter: metatech
>            Assignee: Sergey Beryozkin
>             Fix For: 2.6.15, 2.7.12, 3.0.1
>
>         Attachments: patch.txt
>
>
> Since CXF-4495 (contained in CXF 2.6.3), anonymous users are denied to call unprotected
methods.
> The method "handleMessage" of the class "AbstractAuthorizingInInterceptor" now checks
that the UserPrincipal is not null.
> Any call results now into a AccessDeniedException.
> {code}
> Caused by: org.apache.cxf.interceptor.security.AccessDeniedException: Unauthorized
> 	at org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor.handleMessage(AbstractAuthorizingInInterceptor.java:57)
~[cxf-rt-core-2.6.3.jar:2.6.3]
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message