tomee-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (TOMEE-2357) MicroProfile JWT @RolesAllowed is been applied with a all or nothing policy
Date Fri, 14 Dec 2018 02:56:00 GMT

     [ https://issues.apache.org/jira/browse/TOMEE-2357?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

ASF GitHub Bot updated TOMEE-2357:
----------------------------------
    Labels: pull-request-available  (was: )

> MicroProfile JWT @RolesAllowed is been applied with a all or nothing policy
> ---------------------------------------------------------------------------
>
>                 Key: TOMEE-2357
>                 URL: https://issues.apache.org/jira/browse/TOMEE-2357
>             Project: TomEE
>          Issue Type: Bug
>          Components: TomEE Core Server
>    Affects Versions: 8.0.0-M1
>            Reporter: Cesar Hernandez
>            Assignee: Cesar Hernandez
>            Priority: Major
>              Labels: pull-request-available
>
> *Repro steps*
> REST endpoint annotated with:
> @RolesAllowed(\{"A", "B"})
> reply with a 403 if the JWT used in the request doesn't have exactly the two A and B
group of claims. 
>  
> *Expected Result*
> A valid request should be processed if and only if ***at least* one of the allowed roles
is provided in the JWT group of claims.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message