Mantis Bugtracker
  

Viewing Issue Simple Details Jump to Notes ] View Advanced ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0004843 [Resin] minor always 11-07-11 16:33 11-08-11 11:07
Reporter alex View Status public  
Assigned To alex
Priority normal Resolution fixed  
Status closed   Product Version 4.0.23
Summary 0004843: transport-guarantee confidential with BasicLogin
Description Should redirect to https instead of requesting basic auth.
The bug occurs when auth-constraint/role-name is configured before user-data-constraint/transport-guarantee.
Additional Information <?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://caucho.com/ns/resin" [^]
         xmlns:resin="urn:java:com.caucho.resin">

  <resin:XmlAuthenticator password-digest="none">
    <resin:user name="user" password="password" group="secure_area"/>
  </resin:XmlAuthenticator>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Secure_Web_App</realm-name>
  </login-config>

  <security-role>
    <role-name>secure_area</role-name>
  </security-role>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>secure_area</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>secure_area</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>

  </security-constraint>


</web-app>
Attached Files

- Relationships

- Notes
(0005607)
alex
11-08-11 11:07

server/12hl
 

- Issue History
Date Modified Username Field Change
11-07-11 16:33 alex New Issue
11-08-11 10:44 alex Status new => assigned
11-08-11 10:44 alex Assigned To  => alex
11-08-11 11:07 alex Status assigned => closed
11-08-11 11:07 alex Note Added: 0005607
11-08-11 11:07 alex Resolution open => fixed
11-08-11 11:07 alex Fixed in Version  => 4.0.24


Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
28 total queries executed.
25 unique queries executed.
Powered by Mantis Bugtracker