|
Mantis - Resin
|
|||||
| Viewing Issue Advanced Details | |||||
|
|
|||||
| ID: | Category: | Severity: | Reproducibility: | Date Submitted: | Last Update: |
| 4495 | major | always | 04-12-11 07:08 | 04-12-11 12:40 | |
|
|
|||||
| Reporter: | cowan | Platform: | |||
| Assigned To: | ferg | OS: | |||
| Priority: | normal | OS Version: | |||
| Status: | closed | Product Version: | 4.0.16 | ||
| Product Build: | Resolution: | fixed | |||
| Projection: | none | ||||
| ETA: | none | Fixed in Version: | 4.0.17 | ||
|
|
|||||
| Summary: | 0004495: transport-guarantee CONFIDENTIAL permits http | ||||
| Description: |
transport-guarantee CONFIDENTIAL in web.xml is not honored if an auth-constraint also exists. Removing the auth-constraint results in response code 403. <security-constraint> <web-resource-collection> <web-resource-name>foo</web-resource-name> <url-pattern>*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> </login-config> <security-role> <role-name>admin</role-name> </security-role> |
||||
| Steps To Reproduce: | |||||
| Additional Information: | rep by Keith Fetterman | ||||
| Relationships | |||||
| Attached Files: | |||||
| Notes | |||||
|
|
|||||
|
|
||||