Uploaded image for project: 'JBoss Web Services'
  1. JBoss Web Services
  2. JBWS-3212

Incomplete CONFIDENTIAL transport-guarantee detection for POJO endpoint.

    XMLWordPrintable

Details

    • Workaround Exists
    • Hide

      Remove the trailing /* from the URL pattern in the web.xml

      Show
      Remove the trailing /* from the URL pattern in the web.xml
    • Low

    Description

      Take an endpoint with a servlet-mapping similar to: -

      <servlet-mapping>
      <servlet-name>PhoneBook</servlet-name>
      <url-pattern>/PB</url-pattern>
      </servlet-mapping>

      If the transport-guarantee is defined as: -

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>CONFIDENTIAL</web-resource-name>
      <url-pattern>/PB</url-pattern>

      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>

      <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
      </security-constraint>

      JBossWS will detect this correctly and place a https address in the WSDL.

      However if the url-pattern is changed to: -

      <url-pattern>/PB/*</url-pattern>

      JBoss Web will still enforce the transport-guarantee for the call JBossWS will not detect this and will present a wsdl with a http address.

      Attachments

        Issue Links

          is incorporated by

          Bug - A problem that impairs or prevents the functions of the product. JBPAPP-4406 JBossWS - Incomplete CONFIDENTIAL transport-guarantee detection for POJO endpoint.

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              darran.lofthouse@redhat.com Darran Lofthouse
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: