Return-Path: X-Original-To: apmail-cxf-issues-archive@www.apache.org Delivered-To: apmail-cxf-issues-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 8955111ADD for ; Wed, 9 Jul 2014 11:05:05 +0000 (UTC) Received: (qmail 34760 invoked by uid 500); 9 Jul 2014 11:05:05 -0000 Delivered-To: apmail-cxf-issues-archive@cxf.apache.org Received: (qmail 34725 invoked by uid 500); 9 Jul 2014 11:05:05 -0000 Mailing-List: contact issues-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list issues@cxf.apache.org Received: (qmail 34708 invoked by uid 99); 9 Jul 2014 11:05:05 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 09 Jul 2014 11:05:05 +0000 Date: Wed, 9 Jul 2014 11:05:05 +0000 (UTC) From: "metatech (JIRA)" To: issues@cxf.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (CXF-5864) Anonymous users are denied to call unprotected methods since 2.6.3 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/CXF-5864?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] metatech updated CXF-5864: -------------------------- Description: Since CXF-4495 (contained in CXF 2.6.3), anonymous users are denied to call unprotected methods. The method "handleMessage" of the class "AbstractAuthorizingInInterceptor" now checks that the UserPrincipal is not null. Any call results now into a AccessDeniedException. {code} Caused by: org.apache.cxf.interceptor.security.AccessDeniedException: Unauthorized at org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor.handleMessage(AbstractAuthorizingInInterceptor.java:57) ~[cxf-rt-core-2.6.3.jar:2.6.3] {code} was: Since CXF-4495 (contained in CXF 2.6.3), anonymous users do no have any permissions anymore. The method "handleMessage" of the class "AbstractAuthorizingInInterceptor" now checks that the UserPrincipal is not null. Any call results now into a AccessDeniedException. {code} Caused by: org.apache.cxf.interceptor.security.AccessDeniedException: Unauthorized at org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor.handleMessage(AbstractAuthorizingInInterceptor.java:57) ~[cxf-rt-core-2.6.3.jar:2.6.3] {code} Summary: Anonymous users are denied to call unprotected methods since 2.6.3 (was: Anonymous users have no permissions since 2.6.3) > Anonymous users are denied to call unprotected methods since 2.6.3 > ------------------------------------------------------------------ > > Key: CXF-5864 > URL: https://issues.apache.org/jira/browse/CXF-5864 > Project: CXF > Issue Type: Bug > Affects Versions: 2.6.3 > Reporter: metatech > > Since CXF-4495 (contained in CXF 2.6.3), anonymous users are denied to call unprotected methods. > The method "handleMessage" of the class "AbstractAuthorizingInInterceptor" now checks that the UserPrincipal is not null. > Any call results now into a AccessDeniedException. > {code} > Caused by: org.apache.cxf.interceptor.security.AccessDeniedException: Unauthorized > at org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor.handleMessage(AbstractAuthorizingInInterceptor.java:57) ~[cxf-rt-core-2.6.3.jar:2.6.3] > {code} -- This message was sent by Atlassian JIRA (v6.2#6252)