Uploaded image for project: 'Application Server 3  4  5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-4691

JACC: Unchecked WebUserDataPermission(s) for excluded and transport guarantee use cases

    XMLWordPrintable

    Details

    • Estimated Difficulty:
      Medium

      Description

      If security constraints exist with an excluding auth-constraint, then a WUDP needs to be added to unchecked policy for http methods that are non-excluded.

      Additionally, an unchecked perm should be added for :
      /**

      • A WebResourcePermission and a WebUserDataPermission must be added to the unchecked
      • policy statements for each url-pattern in the DD and the default pattern, "/",
        that is not combined by the webresource-collection elements of the deployment descriptor
      • with every HTTP method value. (JACC 1.0: Section 3.1.3.1)
        */

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                anil.saldhana Anil Saldanha
                Reporter:
                anil.saldhana Anil Saldanha
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: