Mantis Bugtracker

Viewing Issue Advanced Details Jump to Notes ] View Simple ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0001419 [Resin] minor always 10-19-06 10:33 05-30-07 10:09
Reporter sam View Status public  
Assigned To ferg
Priority normal Resolution fixed Platform
Status closed   OS
Projection none   OS Version
ETA none Fixed in Version 3.1.2 Product Version 3.0.19
  Product Build
Summary 0001419: multiple http-method security-constraints
Description (rep by K Fetterman)

In the specification, it shows an example of the security constraints
that are placed in web.xml. I have displayed it below:

     <web-resource-name>restricted methods</web-resource-name>



From what I read, the above configuration should prevent all DELETE and
PUT requests and use Basic Auth to when performing GET and POST
requests. Resin doesn't do this. Using the above configuration, it does
not perform any authentication when performing a GET or POST request.
Essentially, it ignores the second security constraint declaration and
allows anyone to perform a get or post.

I tried various combinations of above, but none work as expected.
I ended up deleting the second security constraint and removing all
<http-method> declarations so the security constraint applies to all
Steps To Reproduce
Additional Information
Attached Files

- Relationships

- Notes
05-30-07 10:09


- Issue History
Date Modified Username Field Change
10-19-06 10:33 sam New Issue
05-30-07 10:09 ferg Note Added: 0001970
05-30-07 10:09 ferg Assigned To  => ferg
05-30-07 10:09 ferg Status new => closed
05-30-07 10:09 ferg Resolution open => fixed
05-30-07 10:09 ferg Fixed in Version  => 3.1.2

Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
29 total queries executed.
26 unique queries executed.
Powered by Mantis Bugtracker