Uploaded image for project: 'Application Server 7'
  1. Application Server 7
  2. AS7-3415

security-constraint/user-data-constraint/transport-guarantee in web.xml file doesn't override setting from servlet @ServletSecurity transportGuarantee parameter

    XMLWordPrintable

Details

    • Bug
    • Resolution: Won't Do
    • Major
    • None
    • 7.1.0.CR1b
    • Web
    • None

    Description

      security-constraint/user-data-constraint/transport-guarantee in web.xml file doesn't override setting from servlet @ServletSecurity transportGuarantee parameter

      My settings:
@ServletSecurity(@HttpConstraint(rolesAllowed = { "gooduser" }, transportGuarantee = TransportGuarantee.CONFIDENTIAL) )

web.xml excerpt:
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>sec</web-resource-name>
            <url-pattern>/tgmixed/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>gooduser</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

      Attachments

        Activity

          People

            rmaucher Remy Maucherat
            pskopek@redhat.com Peter Skopek
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: