|
Mantis - Resin
|
|||||
| Viewing Issue Advanced Details | |||||
|
|
|||||
| ID: | Category: | Severity: | Reproducibility: | Date Submitted: | Last Update: |
| 4843 | minor | always | 11-07-11 16:33 | 11-08-11 11:07 | |
|
|
|||||
| Reporter: | alex | Platform: | |||
| Assigned To: | alex | OS: | |||
| Priority: | normal | OS Version: | |||
| Status: | closed | Product Version: | 4.0.23 | ||
| Product Build: | Resolution: | fixed | |||
| Projection: | none | ||||
| ETA: | none | Fixed in Version: | 4.0.24 | ||
|
|
|||||
| Summary: | 0004843: transport-guarantee confidential with BasicLogin | ||||
| Description: |
Should redirect to https instead of requesting basic auth. The bug occurs when auth-constraint/role-name is configured before user-data-constraint/transport-guarantee. |
||||
| Steps To Reproduce: | |||||
| Additional Information: |
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns="http://caucho.com/ns/resin" [^] xmlns:resin="urn:java:com.caucho.resin"> <resin:XmlAuthenticator password-digest="none"> <resin:user name="user" password="password" group="secure_area"/> </resin:XmlAuthenticator> <login-config> <auth-method>BASIC</auth-method> <realm-name>Secure_Web_App</realm-name> </login-config> <security-role> <role-name>secure_area</role-name> </security-role> <security-constraint> <web-resource-collection> <web-resource-name>secure_area</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>secure_area</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> </web-app> |
||||
| Relationships | |||||
| Attached Files: | |||||
| Notes | |||||
|
|
|||||
|
|
||||