  1. JBoss BPMS Platform
  2. RHBPMS-1164

REST API roles restrictions do not work on WebSphere and WebLogic


    • Bug
    • Resolution: Done
    • Critical
    • 6.3.0
    • 6.2.0
    • Business Central
    • None

      Description of problem:
      When you try to execute some commands through the REST API with a user without any REST-specific role, you will get a SUCCESS response on WebSphere and WebLogic.

      Version-Release number of selected component (if applicable):
      6.2.0 ER5

      Steps to Reproduce:
      1. Set up BPMS on WebSphere or WebLogic
      2. Create a user without any REST role
      3. Try to execute some command with this user

      Actual results:
      No exception and SUCCESS response.

      Expected results:
      An exception should be thrown.

      Additional info:
      We have it covered by these tests:
      https://gitlab.mw.lab.eng.bos.redhat.com/bxms/brms/blob/master/test-jbpm-integration/src/test/java/org/jboss/qa/bpms/jbpm/integration/security/RestApiRoleAccessTest.java

      All the *AccessDenied tests pass on EAP and EWS but fail on WebSphere and WebLogic.

        1. WebLogic client test log.log
          574 kB
          Tomáš Livora
        2. WebLogic server test log.log
          432 kB
          Tomáš Livora
        3. WebSphere test client log.log
          6 kB
          Tomáš Livora

            swiderski.maciej Maciej Swiderski (Inactive)
            tlivora Tomáš Livora (Inactive)
            Tomáš Livora Tomáš Livora (Inactive)
            Tomáš Livora Tomáš Livora (Inactive)
            Alessandro Lazarotti, Kris Verlaenen, Lukáš Petrovický (Inactive), Rajesh Rajasekaran