ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
0004495 | [Resin] | major | always | 04-12-11 07:08 | 04-12-11 12:40 | ||||
Reporter | cowan | View Status | public | ||||||
Assigned To | ferg | ||||||||
Priority | normal | Resolution | fixed | Platform | |||||
Status | closed | OS | |||||||
Projection | none | OS Version | |||||||
ETA | none | Fixed in Version | 4.0.17 | Product Version | 4.0.16 | ||||
Product Build | |||||||||
Summary | 0004495: transport-guarantee CONFIDENTIAL permits http | ||||||||
Description |
transport-guarantee CONFIDENTIAL in web.xml is not honored if an auth-constraint also exists. Removing the auth-constraint results in response code 403.

<security-constraint>
  <web-resource-collection>
    <web-resource-name>foo</web-resource-name>
    <url-pattern>*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
</login-config>

<security-role>
  <role-name>admin</role-name>
</security-role>
||||||||
Steps To Reproduce | |||||||||
Additional Information | rep by Keith Fetterman | ||||||||
Attached Files | |||||||||
|
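An added example, not part of the original report or of Resin's code: a Python check that lists the security-constraint blocks in a web.xml that combine an auth-constraint with transport-guarantee CONFIDENTIAL, the combination this issue reports as permitting http on 4.0.16, so those URL patterns can be retested over plain http after upgrading. The sample web.xml, the `audit` function and the `verify_http` field are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from the report inside a namespaced <web-app>,
# plus a second constraint without an auth-constraint for contrast.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection><url-pattern>*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/static/*</url-pattern></web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    """Drop the XML namespace so namespaced and bare web.xml files both match."""
    return tag.rsplit("}", 1)[-1]

def find_all(elem, name):
    """All descendants of elem (in document order) whose local tag name is `name`."""
    return [e for e in elem.iter() if local(e.tag) == name]

def texts(elems):
    return [(e.text or "").strip() for e in elems]

def audit(web_xml_text):
    """One dict per security-constraint; verify_http marks the combination from the report."""
    results = []
    for sc in find_all(ET.fromstring(web_xml_text), "security-constraint"):
        auth = find_all(sc, "auth-constraint")
        confidential = "CONFIDENTIAL" in texts(find_all(sc, "transport-guarantee"))
        results.append({
            "patterns": texts(find_all(sc, "url-pattern")),
            "roles": texts([r for a in auth for r in find_all(a, "role-name")]),
            "confidential": confidential,
            # auth-constraint + CONFIDENTIAL: retest these patterns over plain http
            "verify_http": confidential and bool(auth),
        })
    return results

if __name__ == "__main__":
    for entry in audit(SAMPLE_WEB_XML):
        print(entry)
```

Patterns reported with `verify_http` set are the ones to request over plain http on the deployed server and confirm they are not served with a normal response.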