Mantis Bugtracker
  

Viewing Issue Advanced Details Jump to Notes ] View Simple ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0004495 [Resin] major always 04-12-11 07:08 04-12-11 12:40
Reporter cowan View Status public  
Assigned To ferg
Priority normal Resolution fixed Platform
Status closed   OS
Projection none   OS Version
ETA none Fixed in Version 4.0.17 Product Version 4.0.16
  Product Build
Summary 0004495: transport-guarantee CONFIDENTIAL permits http
Description transport-guarantee CONFIDENTIAL in web.xml is not honored if an auth-constraint also exists. Removing the auth-constraint results in response code 403.

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>foo</web-resource-name>
      <url-pattern>*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>

  <security-role>
    <role-name>admin</role-name>
  </security-role>
Steps To Reproduce
Additional Information rep by Keith Fetterman
Attached Files

- Relationships

- Notes
(0005191)
ferg
04-12-11 12:40

server/1a62
 

- Issue History
Date Modified Username Field Change
04-12-11 07:08 cowan New Issue
04-12-11 12:40 ferg Note Added: 0005191
04-12-11 12:40 ferg Assigned To  => ferg
04-12-11 12:40 ferg Status new => closed
04-12-11 12:40 ferg Resolution open => fixed
04-12-11 12:40 ferg Fixed in Version  => 4.0.17


Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
29 total queries executed.
26 unique queries executed.
Powered by Mantis Bugtracker