Details
Bug
Resolution: Won't Do
Major
None
7.1.0.CR1b
None
Description
The security-constraint/user-data-constraint/transport-guarantee setting in the web.xml file doesn't override the setting from the servlet's @ServletSecurity transportGuarantee parameter.
My settings:

    @ServletSecurity(@HttpConstraint(rolesAllowed = { "gooduser" },
            transportGuarantee = TransportGuarantee.CONFIDENTIAL))

web.xml excerpt:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>sec</web-resource-name>
        <url-pattern>/tgmixed/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>gooduser</role-name>
      </auth-constraint>
      <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
    </security-constraint>
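A deployment check for the mismatch reported above, as an added example that is not part of the original report: it parses a web.xml and lists every URL pattern whose security-constraint does not demand CONFIDENTIAL transport, so patterns that depend on an annotation for TLS can be reviewed. The `<web-app>` wrapper, the second `/admin/*` constraint and the function names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the excerpt from the report wrapped in a <web-app> root,
# plus a hypothetical second constraint that has no user-data-constraint at all.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>sec</web-resource-name>
      <url-pattern>/tgmixed/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>gooduser</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>gooduser</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def find_all(elem, name):
    """Descendants named `name`, ignoring the XML namespace (works across schema versions)."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def weak_transport_constraints(web_xml_text):
    """Return (url_pattern, http_methods, guarantee) for constraints without CONFIDENTIAL."""
    findings = []
    for sc in find_all(ET.fromstring(web_xml_text), "security-constraint"):
        tg = find_all(sc, "transport-guarantee")
        # A missing or empty user-data-constraint imposes no transport requirement (NONE).
        text = tg[0].text if tg else None
        guarantee = (text or "").strip().upper() or "NONE"
        if guarantee == "CONFIDENTIAL":
            continue
        for wrc in find_all(sc, "web-resource-collection"):
            # No <http-method> elements means the constraint covers every method.
            methods = tuple(m.text.strip() for m in find_all(wrc, "http-method")) or ("*",)
            for pat in find_all(wrc, "url-pattern"):
                findings.append((pat.text.strip(), methods, guarantee))
    return findings

if __name__ == "__main__":
    for pattern, methods, guarantee in weak_transport_constraints(SAMPLE_WEB_XML):
        print(f"{pattern} [{','.join(methods)}] transport-guarantee={guarantee}")
```

Each reported pattern can then be compared against the `transportGuarantee` declared on the servlet mapped to it.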