| Anonymous | Login | Signup for a new account | 12-17-2024 08:51 PST |
| Main | My View | View Issues | Change Log | Docs |
| Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
| 0004495 | [Resin] | major | always | 04-12-11 07:08 | 04-12-11 12:40 | ||||
| Reporter | cowan | View Status | public | ||||||
| Assigned To | ferg | ||||||||
| Priority | normal | Resolution | fixed | ||||||
| Status | closed | Product Version | 4.0.16 | ||||||
| Summary | 0004495: transport-guarantee CONFIDENTIAL permits http | ||||||||
| Description |
transport-guarantee CONFIDENTIAL in web.xml is not honored if an auth-constraint also exists. Removing the auth-constraint results in response code 403. <security-constraint> <web-resource-collection> <web-resource-name>foo</web-resource-name> <url-pattern>*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> </login-config> <security-role> <role-name>admin</role-name> </security-role> |
||||||||
| Additional Information | rep by Keith Fetterman | ||||||||
| Attached Files | |||||||||
|
|
|||||||||
 Relationships |
|
|
Notes |
|
|
(0005191) ferg 04-12-11 12:40 |
server/1a62 |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 04-12-11 07:08 | cowan | New Issue | |
| 04-12-11 12:40 | ferg | Note Added: 0005191 | |
| 04-12-11 12:40 | ferg | Assigned To | => ferg |
| 04-12-11 12:40 | ferg | Status | new => closed |
| 04-12-11 12:40 | ferg | Resolution | open => fixed |
| 04-12-11 12:40 | ferg | Fixed in Version | => 4.0.17 |
| Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
29 total queries executed. 26 unique queries executed. |  |
