Bug 1283109
Summary: | REST API roles restrictions do not work on WebSphere and WebLogic | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Retired] JBoss BPMS Platform 6 | Reporter: | Tomas Livora <tlivora> | ||||||||
Component: | Business Central | Assignee: | Marco Rietveld <mrietvel> | ||||||||
Status: | CLOSED EOL | QA Contact: | Lukáš Petrovický <lpetrovi> | ||||||||
Severity: | high | Docs Contact: | |||||||||
Priority: | urgent | ||||||||||
Version: | 6.2.0 | CC: | alazarot, kverlaen, lpetrovi, rrajasek | ||||||||
Target Milestone: | DR1 | ||||||||||
Target Release: | 6.3.0 | ||||||||||
Hardware: | Unspecified | ||||||||||
OS: | Unspecified | ||||||||||
Whiteboard: | |||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | |||||||||||
: | 1295537 (view as bug list) | Environment: | |||||||||
Last Closed: | 2020-03-27 20:04:26 UTC | Type: | Bug | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Bug Depends On: | 1272981, 1314445 | ||||||||||
Bug Blocks: | 1295537 | ||||||||||
Attachments: |
|
Description
Tomas Livora
2015-11-18 09:52:26 UTC
Created attachment 1095920 [details]
WebLogic server test log
See that there is for example an attempt to claim the task by a user that should not be allowed to use REST API.
Created attachment 1095937 [details]
WebSphere test client log
The behaviour slightly differs on WebSphere. The following exception is thrown on the client side:
org.jboss.resteasy.client.ClientResponseFailure: RESTEASY001380: Input stream was empty, there is no entity
Note that all these tests use REST directly (without RemoteRuntimeEngine).
Maybe this is necessary? https://github.com/droolsjbpm/kie-wb-distributions/commit/e5bfecc2#diff-8f59b4c5bda82084ad873bbc8be03756L9 WAS does work as expected based on my tests - still struggling with QE tests to run reliably locally but it might be same issue with cached credentials on HttpURLConnection as described here: https://bugzilla.redhat.com/show_bug.cgi?id=1280313#c15 there are additional fixes required for WebLogic, pull requests created: 6.3.x: https://github.com/droolsjbpm/kie-wb-distributions/pull/151 master: https://github.com/droolsjbpm/kie-wb-distributions/pull/152 fixed on master kie-wb-distributions master: https://github.com/droolsjbpm/kie-wb-distributions/commit/e42d4733c67c3e1af7cdd8f04794a3272d94dffe in case it should be back ported please assign it back to me Verified on BPM Suite 6.3.0 ER1 |