Bug 1021783 - Update product errai docs to include security warning
Product: JBoss Enterprise WFK Platform 2
Classification: JBoss
Component: doc-Errai-Reference-Guide
Priority: high
Severity: high
: 2.4.0
Assigned To: Ankit Patel
Emil Cervenan
Blocks: 997247
Reported: 2013-10-22 01:58 EDT by David Jorm
Modified: 2014-11-10 04:29 EST
Doc Type: Bug Fix
Last Closed: 2014-11-10 04:29:11 EST
Type: Bug
Description David Jorm 2013-10-22 01:58:48 EDT
Document URL: 


Describe the issue: 

The default errai bus servlet mapping in our documentation:


Maps *.erraiBus to the errai servlet, without specifying any further path:


This can potentially conflict with the intended security constraint applied to the whole application.

Suggestions for improvement:

An XML comment should be added above each servlet-mapping example to highlight this:

This wildcard mapping allows ErraiBus to communicate from any point in your application's URI hierarchy. For example, all of the following are equivalent from Errai's point of view:


If you rely on your own security rules or a custom security filter (rather than the security framework within ErraiBus), ensure you use the same mapping pattern for that filter or security-constraint as you do for the Errai Servlet itself.

Alternatively, we could add a single admonition to the docs rather than an XML comment in each example.

Additional information:
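
The mismatch described in this report, as an added example (not code from the Errai documentation or from the reporter): a Python check that applies Servlet url-pattern matching to a constructed web.xml and lists paths that reach a `*.erraiBus` extension mapping without matching any security-constraint or filter-mapping pattern. The servlet name, the `/app/*` constraint, the role and the probe paths are assumptions; only the `*.erraiBus` pattern comes from the report.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml for illustration. Only the *.erraiBus pattern comes from
# the bug report; the servlet name, /app/* constraint and role are assumptions.
WEB_XML = """<web-app>
  <servlet-mapping>
    <servlet-name>ErraiServlet</servlet-name>
    <url-pattern>*.erraiBus</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>app</web-resource-name>
      <url-pattern>/app/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def matches(pattern, path):
    """Servlet-spec url-pattern match: extension, path prefix, or exact."""
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    return path == pattern

def url_patterns(root, parent):
    """All <url-pattern> values under elements named `parent` (namespace-agnostic)."""
    name = lambda el: el.tag.rsplit("}", 1)[-1]
    return [p.text.strip() for el in root.iter() if name(el) == parent
            for p in el.iter() if name(p) == "url-pattern" and p.text]

def unguarded_paths(web_xml, dirs=("/", "/app/", "/public/css/")):
    """Paths that reach an extension-mapped servlet but match no
    security-constraint or filter-mapping pattern."""
    root = ET.fromstring(web_xml)
    guards = url_patterns(root, "security-constraint") + url_patterns(root, "filter-mapping")
    found = []
    for pat in url_patterns(root, "servlet-mapping"):
        if pat.startswith("*."):
            for d in dirs:  # constructed probe paths at several depths
                path = d + "in" + pat[1:]
                if not any(matches(g, path) for g in guards):
                    found.append(path)
    return found

if __name__ == "__main__":
    print(unguarded_paths(WEB_XML))
```

A filter-mapping that targets the servlet by `<servlet-name>` instead of a url-pattern is not considered by this check, and neither are `<http-method>` restrictions.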
Comment 1 Petr Penicka 2013-10-23 05:18:54 EDT
Security warning added to the docs for the upcoming WFK 2.4 release [1], and also to the already released WFK 2.3. A ticket [2] was filed for release engineering to update the 2.3 book on the Customer Portal.

[2] https://engineering.redhat.com/rt/Ticket/Display.html?id=261185
Comment 2 Pavel SLegr 2013-10-23 06:18:02 EDT
Thanks, Petr!
Comment 3 Matous Jobanek 2013-10-31 10:55:45 EDT
Verified in both WFK 2.3 and WFK 2.4 docs
