[jira] [Updated] (CXF-5864) Anonymous users are denied to call unprotected methods since 2.6.3

Wed, 09 Jul 2014 04:05:28 -0700 

     [ 
https://issues.apache.org/jira/browse/CXF-5864?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

metatech updated CXF-5864:
--------------------------

    Description: 
Since CXF-4495 (contained in CXF 2.6.3), anonymous users are denied to call 
unprotected methods.
The method "handleMessage" of the class "AbstractAuthorizingInInterceptor" now 
checks that the UserPrincipal is not null.
Any call results now into a AccessDeniedException.

{code}
Caused by: org.apache.cxf.interceptor.security.AccessDeniedException: 
Unauthorized
        at 
org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor.handleMessage(AbstractAuthorizingInInterceptor.java:57)
 ~[cxf-rt-core-2.6.3.jar:2.6.3]
{code}


  was:
Since CXF-4495 (contained in CXF 2.6.3), anonymous users do no have any 
permissions anymore.
The method "handleMessage" of the class "AbstractAuthorizingInInterceptor" now 
checks that the UserPrincipal is not null.
Any call results now into a AccessDeniedException.

{code}
Caused by: org.apache.cxf.interceptor.security.AccessDeniedException: 
Unauthorized
        at 
org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor.handleMessage(AbstractAuthorizingInInterceptor.java:57)
 ~[cxf-rt-core-2.6.3.jar:2.6.3]
{code}


        Summary: Anonymous users are denied to call unprotected methods since 
2.6.3  (was: Anonymous users have no permissions since 2.6.3)

> Anonymous users are denied to call unprotected methods since 2.6.3
> ------------------------------------------------------------------
>
>                 Key: CXF-5864
>                 URL: https://issues.apache.org/jira/browse/CXF-5864
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 2.6.3
>            Reporter: metatech
>
> Since CXF-4495 (contained in CXF 2.6.3), anonymous users are denied to call 
> unprotected methods.
> The method "handleMessage" of the class "AbstractAuthorizingInInterceptor" 
> now checks that the UserPrincipal is not null.
> Any call results now into a AccessDeniedException.
> {code}
> Caused by: org.apache.cxf.interceptor.security.AccessDeniedException: 
> Unauthorized
>       at 
> org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor.handleMessage(AbstractAuthorizingInInterceptor.java:57)
>  ~[cxf-rt-core-2.6.3.jar:2.6.3]
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to