Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Blocker
Fix Version/s: 2.3.2.Final, 2.2.23.Final
Affects Version/s: 2.3.1.Final, 2.2.22.Final, 2.2.22.SP1
Component/s: None
Labels:
None

Git Pull Request:
https://github.com/undertow-io/undertow/pull/1422, https://github.com/undertow-io/undertow/pull/1423

The Undertow upgrade to 2.3.1.Final in WildFly broke the DenyUncoveredHttpMethodsTestCase. The reason is that, because default security config is blank, the match algorithm assumes that deny-uncovered-methods makes any method uncovered from that perspective, even when there are security configs for that particular method.
Because security matches is merged, if the algorithm finds an allow and a deny, when merging the results the outcome is allow and hence the test fails.

is caused by

UNDERTOW-2188 Adjust corner case of covered methods if no methods are present

Closed

relates to

UNDERTOW-2211 deny-uncovered-methods regards omitted methods as covered

Resolved

UNDERTOW-2213 Revert deny-uncovered-methods fix for corner case

Closed

Assignee:: Flavia Rainone

Reporter:: Flavia Rainone

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2022/12/13 6:32 AM

Updated:: 2023/02/14 5:20 AM

Resolved:: 2023/02/14 5:20 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates

Hide