geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "viola.lu (JIRA)" <j...@apache.org>
Subject [jira] Reopened: (GERONIMO-4738) ejb ws report authorization failures as 500 internal server error
Date Wed, 02 Jun 2010 08:29:51 GMT

     [ https://issues.apache.org/jira/browse/GERONIMO-4738?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

viola.lu reopened GERONIMO-4738:
--------------------------------


After remove <assembly-descriptor>
        <security-role>
            <role-name>admin</role-name>
        </security-role>
        <method-permission>
            <role-name>admin</role-name>
            <method>
                <ejb-name>BeanBasic</ejb-name>
                <method-name>greetMe</method-name>
            </method>
            <method>
                <ejb-name>BeanBasicAllowGet</ejb-name>
                <method-name>greetMe</method-name>
            </method>
        </method-permission>
        <method-permission>
            <unchecked/>
            <method>
                <ejb-name>BeanHttps</ejb-name>
                <method-name>greetMe</method-name>
            </method>
            <method>
                <ejb-name>BeanHttpsAllowGet</ejb-name>
                <method-name>greetMe</method-name>
            </method>
        </method-permission>
    </assembly-descriptor>
from $source\testsuite\webservices-testsuite\jaxws-tests\jaxws-ejb-sec\src\main\filtered-resources\META-INF\ejb-jar.xml,


there is still errors, reopen it.

> ejb ws report authorization failures as 500 internal server error
> -----------------------------------------------------------------
>
>                 Key: GERONIMO-4738
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4738
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: webservices
>    Affects Versions: 2.2
>            Reporter: David Jencks
>            Assignee: Delos Dai
>             Fix For: 2.2.1
>
>
> If you secure an ejb web service with ejb security constraints cxf reports authorization
failures as 500 internal server error and doesn't log much useful.  Axis2 logs the auth failure
and IIRC reports 401 or 403.
> I think this can be reproduced by removing the ejb-jar.xml security constraints from
  testsuite/webservices-testsuite/jaxws-tests/jaxws-ejb-sec/src/main/resources/META-INF/ejb-jar.xml

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message