Red Hat Bugzilla – Bug 1021783
Update product errai docs to include security warning
Last modified: 2014-11-10 04:29:11 EST
Describe the issue:
The default errai bus servlet mapping in our documentation:
Maps *.erraiBus to the errai servlet, without specifying any further path:
This can potentially conflict with the intended security constraint applied to the whole application.
Suggestions for improvement:
An XML comment should be added above each servlet-mapping example to highlight this:
This wildcard mapping allows ErraiBus to communicate from any point in your application's URI hierarchy. For example, all of the following are equivalent from Errai's point of view:
If you rely on your own security rules or a custom security filter (rather than the security framework within ErraiBus), ensure you use the same mapping pattern for that filter or security-constraint as you do for the Errai Servlet itself.
Alternatively, we could add a single admonition to the docs rather than an XML comment in each example.
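A check for the mismatch described in this report, as an added example that is not part of the original bug or the Errai documentation: it parses a web.xml and reports extension-mapped servlets (such as `*.erraiBus`) whose pattern no security-constraint or named security filter uses. The sample web.xml, the servlet name `ErraiServlet`, the `/app/*` constraint and the `security_filters` parameter are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.xml (not from the Errai docs): the constraint
# protects /app/* only, while the bus servlet is mapped by extension.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <servlet-mapping>
    <servlet-name>ErraiServlet</servlet-name>
    <url-pattern>*.erraiBus</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>app</web-resource-name>
      <url-pattern>/app/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
</web-app>"""


def _patterns(root, path):
    """Collect stripped <url-pattern> texts under elements matching path."""
    return {p.text.strip() for el in root.iterfind(path)
            for p in el.iter("url-pattern") if p.text}


def uncovered_extension_mappings(web_xml, security_filters=()):
    """Return {servlet-name: [patterns]} for extension mappings (*.ext) that
    no security-constraint (or named security filter) maps identically."""
    root = ET.fromstring(web_xml)
    for el in root.iter():                      # drop XML namespaces
        el.tag = el.tag.rsplit("}", 1)[-1]
    protected = _patterns(root, "security-constraint")
    for fm in root.iterfind("filter-mapping"):
        # security_filters: filter names the caller treats as security filters
        if fm.findtext("filter-name", "").strip() in security_filters:
            protected |= _patterns(fm, ".")
    findings = {}
    for sm in root.iterfind("servlet-mapping"):
        name = sm.findtext("servlet-name", "").strip()
        for pat in _patterns(sm, "."):
            # Conservative: only an identical pattern or /* counts as covered.
            if pat.startswith("*.") and not ({pat, "/*"} & protected):
                findings.setdefault(name, []).append(pat)
    return findings
```

On the sample it reports `*.erraiBus` for `ErraiServlet`; adding the same pattern to the constraint clears the finding.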
Security warning added to the docs for the upcoming WFK 2.4 release, and also to the already released WFK 2.3. A ticket was filed for release engineering to update the 2.3 book on the Customer Portal.
Thanks, Petr!
Verified in both WFK 2.3 and WFK 2.4 docs