cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "metatech (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CXF-5864) Anonymous users are denied to call unprotected methods since 2.6.3
Date Wed, 09 Jul 2014 11:05:05 GMT

     [ https://issues.apache.org/jira/browse/CXF-5864?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

metatech updated CXF-5864:
--------------------------

    Description: 
Since CXF-4495 (contained in CXF 2.6.3), anonymous users are denied to call unprotected methods.
The method "handleMessage" of the class "AbstractAuthorizingInInterceptor" now checks that
the UserPrincipal is not null.
Any call results now into a AccessDeniedException.

{code}
Caused by: org.apache.cxf.interceptor.security.AccessDeniedException: Unauthorized
	at org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor.handleMessage(AbstractAuthorizingInInterceptor.java:57)
~[cxf-rt-core-2.6.3.jar:2.6.3]
{code}


  was:
Since CXF-4495 (contained in CXF 2.6.3), anonymous users do no have any permissions anymore.
The method "handleMessage" of the class "AbstractAuthorizingInInterceptor" now checks that
the UserPrincipal is not null.
Any call results now into a AccessDeniedException.

{code}
Caused by: org.apache.cxf.interceptor.security.AccessDeniedException: Unauthorized
	at org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor.handleMessage(AbstractAuthorizingInInterceptor.java:57)
~[cxf-rt-core-2.6.3.jar:2.6.3]
{code}


        Summary: Anonymous users are denied to call unprotected methods since 2.6.3  (was:
Anonymous users have no permissions since 2.6.3)

> Anonymous users are denied to call unprotected methods since 2.6.3
> ------------------------------------------------------------------
>
>                 Key: CXF-5864
>                 URL: https://issues.apache.org/jira/browse/CXF-5864
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 2.6.3
>            Reporter: metatech
>
> Since CXF-4495 (contained in CXF 2.6.3), anonymous users are denied to call unprotected
methods.
> The method "handleMessage" of the class "AbstractAuthorizingInInterceptor" now checks
that the UserPrincipal is not null.
> Any call results now into a AccessDeniedException.
> {code}
> Caused by: org.apache.cxf.interceptor.security.AccessDeniedException: Unauthorized
> 	at org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor.handleMessage(AbstractAuthorizingInInterceptor.java:57)
~[cxf-rt-core-2.6.3.jar:2.6.3]
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message