Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-17918

[GSS](7.2.z) unsecured path warn for secured @WebService bean

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Major Major
    • None
    • None
    • Web Services
    • None
    • +
    • Hide

      Deploy attached test app

      Show
      Deploy attached test app

      A secured @WebService bean hits the following warns:

      WARN  [io.undertow.servlet] (ServerService Thread Pool -- 86) UT015020: Path /TestBean is secured for some HTTP methods, however it is not secured for [TRACE, HEAD, DELETE, GET, CONNECT, OPTIONS, PUT]

      org.jboss.as.webservices.util.WebMetaDataHelper.newWebResourceCollection sets the applicable methods to only POST or GET/POST:

      2019-11-01 17:31:49,464 INFO  [stdout] (MSC service thread 1-2) GSS WebResourceCollectionMetaData.setHttpMethods: org.jboss.metadata.web.spec.WebResourceCollectionMetaData@bf779782{TestBean} [POST]
2019-11-01 17:31:49,464 INFO  [stdout] (MSC service thread 1-2) org.jboss.metadata.web.spec.WebResourceCollectionMetaData.setHttpMethods(WebResourceCollectionMetaData.java:105)
2019-11-01 17:31:49,464 INFO  [stdout] (MSC service thread 1-2) org.jboss.as.webservices.util.WebMetaDataHelper.newWebResourceCollection(WebMetaDataHelper.java:277)
2019-11-01 17:31:49,464 INFO  [stdout] (MSC service thread 1-2) org.jboss.as.webservices.tomcat.WebMetaDataCreator.createSecurityConstraints(WebMetaDataCreator.java:240)

      Should that method limitation be removed to avoid such unsecured method warns?

        1. test.zip
          23 kB

            rhn-support-iweiss Ingo Weiss
            rhn-support-aogburn Aaron Ogburn
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: