Uploaded image for project: 'JBoss Web Services'
  1. JBoss Web Services
  2. JBWS-3485

JBoss AS 7 requires authentication for unsecured @WebMethod

    XMLWordPrintable

Details

    • Bug
    • Resolution: Won't Do
    • Major
    • None
    • None
    • None
    • None
    • Hide

      1. Create 2 users in the standalone domain as shown in the description section.
      2. Start the JBoss AS 7 server.
      3. Extract the project attached with the forum reference and run the tests.

      Show
      1. Create 2 users in the standalone domain as shown in the description section. 2. Start the JBoss AS 7 server. 3. Extract the project attached with the forum reference and run the tests.

    Description

          • Not sure about component or affect versions, please excuse ***

      Have a simple EJB3 Endpoint with 3 methods, one unannotated, another annotated @PermitAll and the other one annotated @RolesAllowed. Using security domain "other" with 2 users, details shown below. JBoss returns 401 when the unannotated/unsecured method is invoked without proper authorization. It shouldn't care about authentication or authorization for the unannotated/unsecured method.
      Attached with the forum post is a project that demonstrates the problem. The post started of on an incorrect understanding but ends with the correct one so please read it fully before commenting.

      1. application-users.properties #
      2. is for illustration only and does not correspond to a usable password.
        #
        #admin=2a0923285184943425d1f53ddd58ec7a
        user=8544a03c79aee5b1c99458d83ee0f9e0
        guest=1bb6b7c18b5c1dab17f5141fa398905a
      1. application-roles.properties #
        #
        #admin=PowerUser,BillingAdmin,
        #guest=guest
        user=AppUser
        guest=AppGuest

      Attachments

        Issue Links

          relates to

          Bug - A problem that impairs or prevents the functions of the product. AS7-5784 WSIntegrationProcessorJAXWS_EJB does not process @PermitAll, @DeclareRoles and @RolesAllowed properly

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              Abhi0123 Abhijit Sarkar (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: