tomee-commits mailing list archives

From "Cesar Hernandez (JIRA)" <j...@apache.org>
Subject [jira] [Created] (TOMEE-2357) MicroProfile JWT @RolesAllowed is been applied with a all or nothing policy
Date Wed, 12 Dec 2018 05:17:00 GMT
Cesar Hernandez created TOMEE-2357:
--------------------------------------

             Summary: MicroProfile JWT @RolesAllowed is been applied with a all or nothing
policy
                 Key: TOMEE-2357
                 URL: https://issues.apache.org/jira/browse/TOMEE-2357
             Project: TomEE
          Issue Type: Bug
          Components: TomEE Core Server
    Affects Versions: 8.0.0-M1
            Reporter: Cesar Hernandez


*Repro steps*

REST endpoint annotated with:

@RolesAllowed({"A", "B"})

replies with a 403 if the JWT used in the request doesn't have exactly the two A and B group
of claims. 

 

*Expected Result*

A valid request should be processed if and only if *at least* one of the allowed roles
is provided in the JWT group of claims.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
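
As an added example (not part of the original message and not TomEE code), this Java program contrasts the all-of check the report describes with the any-of check it expects, using constructed values for the JWT groups claim. The class and method names are hypothetical.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

public class RolesAllowedPolicyDemo {

    // Models the reported behaviour: every role listed in the annotation
    // must be present in the token's groups (assumption, not TomEE source).
    static boolean allOf(Set<String> groups, String... rolesAllowed) {
        return groups.containsAll(Arrays.asList(rolesAllowed));
    }

    // Expected behaviour: a single matching role is enough.
    static boolean anyOf(Set<String> groups, String... rolesAllowed) {
        return Arrays.stream(rolesAllowed).anyMatch(groups::contains);
    }

    // HTTP status the endpoint would return for an authenticated caller.
    static int status(boolean permitted) {
        return permitted ? 200 : 403;
    }

    static Set<String> groups(String... names) {
        return new HashSet<>(Arrays.asList(names));
    }

    public static void main(String[] args) {
        String[] rolesAllowed = {"A", "B"}; // from @RolesAllowed({"A", "B"})

        // Constructed groups claim values, one per sample token.
        Map<String, Set<String>> tokens = new LinkedHashMap<>();
        tokens.put("[A]", groups("A"));
        tokens.put("[B]", groups("B"));
        tokens.put("[A, B]", groups("A", "B"));
        tokens.put("[A, C]", groups("A", "C"));
        tokens.put("[C]", groups("C"));
        tokens.put("[]", groups());

        System.out.printf("%-8s %-8s %-8s%n", "groups", "all-of", "any-of");
        for (Map.Entry<String, Set<String>> e : tokens.entrySet()) {
            System.out.printf("%-8s %-8d %-8d%n", e.getKey(),
                    status(allOf(e.getValue(), rolesAllowed)),
                    status(anyOf(e.getValue(), rolesAllowed)));
        }
    }
}
```

The rows where the two columns differ are the tokens carrying only one of the allowed roles, which is the case the report describes as wrongly rejected.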
