Uploaded image for project: 'Application Server 3 4 5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-1695

JACC: incorrect <role-name>*</role-name> mapping of web.xml

    XMLWordPrintable

Details

    Description

      The JACC specification (section 3.1.3.1) states:
      When an auth-constraint names the reserved role-name, "*", all of the patterns in the containing security-constraint must be combined with all of the roles defined in the web application. ...

      This is not the case as JBoss ignores this definition and creates a WebResourcePermission for the role "*".

      Regards,
      Andrea

      Attachments

        Activity

          People

            starksm64 Scott Stark (Inactive)
            wv-javacoder Roland Räz (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - 2 hours
                2h
                Remaining:
                Remaining Estimate - 2 hours
                2h
                Logged:
                Time Spent - Not Specified
                Not Specified