geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <j...@apache.org>
Subject [jira] Created: (GERONIMO-3156) Web security parsing can result in wrong unchecked WebResourcePermissions
Date Tue, 15 May 2007 08:08:16 GMT
Web security parsing can result in wrong unchecked WebResourcePermissions
-------------------------------------------------------------------------

                 Key: GERONIMO-3156
                 URL: https://issues.apache.org/jira/browse/GERONIMO-3156
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: security, web
    Affects Versions: 2.0-M6
            Reporter: David Jencks
         Assigned To: David Jencks
             Fix For: 2.0-M6


There are some bugs in HTTPMethods that result in a security constraint like

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>uncheckedtest1</web-resource-name>
            <url-pattern>/Test</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>Admin</role-name>
        </auth-constraint>
    </security-constraint>


turning into an unchecked WebResourcePermission.  This is because HTTPMethods is adding ""
as a method and the isNone() method is backwards.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message