Mantis Bugtracker
  

Viewing Issue Advanced Details Jump to Notes ] View Simple ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0004843 [Resin] minor always 11-07-11 16:33 11-08-11 11:07
Reporter alex View Status public  
Assigned To alex
Priority normal Resolution fixed Platform
Status closed   OS
Projection none   OS Version
ETA none Fixed in Version 4.0.24 Product Version 4.0.23
  Product Build
Summary 0004843: transport-guarantee confidential with BasicLogin
Description Should redirect to https instead of requesting basic auth.
The bug occurs when auth-constraint/role-name is configured before user-data-constraint/transport-guarantee.
Steps To Reproduce
Additional Information <?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://caucho.com/ns/resin" [^]
         xmlns:resin="urn:java:com.caucho.resin">

  <resin:XmlAuthenticator password-digest="none">
    <resin:user name="user" password="password" group="secure_area"/>
  </resin:XmlAuthenticator>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Secure_Web_App</realm-name>
  </login-config>

  <security-role>
    <role-name>secure_area</role-name>
  </security-role>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>secure_area</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>secure_area</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>

  </security-constraint>


</web-app>
Attached Files

- Relationships

- Notes
(0005607)
alex
11-08-11 11:07

server/12hl
 

- Issue History
Date Modified Username Field Change
11-07-11 16:33 alex New Issue
11-08-11 10:44 alex Status new => assigned
11-08-11 10:44 alex Assigned To  => alex
11-08-11 11:07 alex Status assigned => closed
11-08-11 11:07 alex Note Added: 0005607
11-08-11 11:07 alex Resolution open => fixed
11-08-11 11:07 alex Fixed in Version  => 4.0.24


Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
28 total queries executed.
25 unique queries executed.
Powered by Mantis Bugtracker