Bug 900668 (JBPAPP6-1416) - JACC permissions with HTTP method exception list are not correctly implemented
Summary: JACC permissions with HTTP method exception list are not correctly implemented
Keywords:
Status: CLOSED EOL
Alias: JBPAPP6-1416
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Security
Version: 6.3.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: EAP 6.4.0
Assignee: Stefan Guilhen
QA Contact: Pavel Slavicek
URL: http://jira.jboss.org/jira/browse/JBP...
Whiteboard: eap601candidate ShouldBeFixed
: JBPAPP6-1376
Depends On:
Blocks: 1022245
Reported: 2012-06-26 12:39 UTC by Josef Cacek
Modified: 2019-08-19 12:45 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-08-19 12:45:37 UTC
Type: Bug
Embargoed:
sguilhen: needinfo-


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker JBPAPP6-1416 0 Major Closed JACC permissions with HTTP method exception list are not correctly implemented 2017-08-31 10:37:31 UTC

Description Josef Cacek 2012-06-26 12:39:46 UTC
project_key: JBPAPP6

JACC 1.1 permissions WebResourcePermission and WebUserDataPermission with an HTTP method exception list as actions should provide the correct list instead of null when the getActions() method is called on them. Look at section "3.1.3.4 - Example" of the JACC 1.1 specification.

There is also a second, related problem: the WebUserDataPermission.parseActions(String) method should remove the exclamation mark from the actions local variable before calling
{code} 
Object[] methodInfo = WebResourcePermission.canonicalMethods(actions);
{code}

Comment 1 Rajesh Rajasekaran 2012-07-11 20:28:16 UTC
Labels: Added: eap601candidate


Comment 2 Anne-Louise Tangring 2012-11-13 20:57:57 UTC
Docs QE Status: Removed: NEW 


Comment 3 Filip Bogyai 2013-12-10 10:10:45 UTC
The Java EE 6 platform requires JACC 1.4, and we are already using it for EAP6. Generation of WebResourcePermission and WebUserDataPermission actions is now correct for JACC version 1.1, but not for JACC 1.4. They differ mainly in the use of the exclamation point character. Look at section "3.1.3.5 - Example" of the JACC 1.4 specification, which can be found here:
https://jcp.org/aboutJava/communityprocess/mrel/jsr115/index2.html
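
A check for the behaviour discussed in this report, as an added example that is not part of the bug report or of the JBoss code base: it asserts that an HTTP method exception list survives `getActions()` and is honoured by `implies()`. It assumes the `javax.security.jacc` API jar of the container under test is on the classpath; the class name and the `/secured/*` pattern are constructed, and the expected strings assume the Javadoc form of an exception list (an exclamation point followed by an HTTP method list).

```java
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebUserDataPermission;

// Added example (not JBoss code): regression check for HTTP method exception lists.
// Assumption: the javax.security.jacc classes of the provider under test are on the classpath.
public class ExceptionListCheck {

    static void check(boolean ok, String what) {
        if (!ok) throw new AssertionError("FAILED: " + what);
        System.out.println("ok: " + what);
    }

    public static void main(String[] args) {
        String pattern = "/secured/*";  // constructed URL pattern

        // "!GET,POST" covers every HTTP method except GET and POST.
        WebResourcePermission wrp = new WebResourcePermission(pattern, "!GET,POST");

        // The symptom in the report: getActions() returned null, which is the
        // canonical form of "all methods" and silently widens the permission.
        check("!GET,POST".equals(wrp.getActions()),
              "WebResourcePermission keeps the exception list in getActions()");
        check(wrp.implies(new WebResourcePermission(pattern, "PUT")),
              "a method outside the exception list is implied");
        check(!wrp.implies(new WebResourcePermission(pattern, "GET")),
              "an excepted method is not implied");
        // null actions mean all methods; the cast selects the (String, String) constructor.
        check(!wrp.implies(new WebResourcePermission(pattern, (String) null)),
              "the all-methods permission is not implied");

        // Same list combined with a transport guarantee (the parseActions path).
        WebUserDataPermission wudp =
            new WebUserDataPermission(pattern, "!GET,POST:CONFIDENTIAL");

        check("!GET,POST:CONFIDENTIAL".equals(wudp.getActions()),
              "WebUserDataPermission keeps the exception list and transport type");
        check(wudp.implies(new WebUserDataPermission(pattern, "PUT:CONFIDENTIAL")),
              "a method outside the exception list is implied over CONFIDENTIAL");
        check(!wudp.implies(new WebUserDataPermission(pattern, "GET:CONFIDENTIAL")),
              "an excepted method is not implied over CONFIDENTIAL");
    }
}
```

Only GET and POST are used so that the expected canonical order does not depend on how a given JACC version sorts extension methods.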

Comment 4 Josef Cacek 2014-07-16 07:19:46 UTC
*** Bug 900671 has been marked as a duplicate of this bug. ***

