|Anonymous | Login | Signup for a new account||02-27-2021 19:56 PST|
|Main | My View | View Issues | Change Log | Docs|
|Viewing Issue Simple Details [ Jump to Notes ]||[ View Advanced ] [ Issue History ] [ Print ]|
|ID||Category||Severity||Reproducibility||Date Submitted||Last Update|
|0001419||[Resin]||minor||always||10-19-06 10:33||05-02-07 10:09|
|Summary||0001419: multiple http-method security-constraints|
(rep by K Fetterman)
In the specification, it shows an example of the security constraints
that are placed in web.xml. I have displayed it below:
From what I read, the above configuration should prevent all DELETE and
PUT requests and use Basic Auth to when performing GET and POST
requests. Resin doesn't do this. Using the above configuration, it does
not perform any authentication when performing a GET or POST request.
Essentially, it ignores the second security constraint declaration and
allows anyone to perform a get or post.
I tried various combinations of above, but none work as expected.
I ended up deleting the second security constraint and removing all
<http-method> declarations so the security constraint applies to all
|10-19-06 10:33||sam||New Issue|
|05-02-07 10:09||ferg||Note Added: 0001970|
|05-02-07 10:09||ferg||Assigned To||=> ferg|
|05-02-07 10:09||ferg||Status||new => closed|
|05-02-07 10:09||ferg||Resolution||open => fixed|
|05-02-07 10:09||ferg||Fixed in Version||=> 3.1.2|
| Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
29 total queries executed.|
26 unique queries executed.