You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "metatech (JIRA)" <ji...@apache.org> on 2014/07/09 13:05:05 UTC

[jira] [Updated] (CXF-5864) Anonymous users are denied to call unprotected methods since 2.6.3

     [ https://issues.apache.org/jira/browse/CXF-5864?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

metatech updated CXF-5864:
--------------------------

    Description: 
Since CXF-4495 (contained in CXF 2.6.3), anonymous users are denied to call unprotected methods.
The method "handleMessage" of the class "AbstractAuthorizingInInterceptor" now checks that the UserPrincipal is not null.
Any call results now into a AccessDeniedException.

{code}
Caused by: org.apache.cxf.interceptor.security.AccessDeniedException: Unauthorized
	at org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor.handleMessage(AbstractAuthorizingInInterceptor.java:57) ~[cxf-rt-core-2.6.3.jar:2.6.3]
{code}


  was:
Since CXF-4495 (contained in CXF 2.6.3), anonymous users do no have any permissions anymore.
The method "handleMessage" of the class "AbstractAuthorizingInInterceptor" now checks that the UserPrincipal is not null.
Any call results now into a AccessDeniedException.

{code}
Caused by: org.apache.cxf.interceptor.security.AccessDeniedException: Unauthorized
	at org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor.handleMessage(AbstractAuthorizingInInterceptor.java:57) ~[cxf-rt-core-2.6.3.jar:2.6.3]
{code}


        Summary: Anonymous users are denied to call unprotected methods since 2.6.3  (was: Anonymous users have no permissions since 2.6.3)

> Anonymous users are denied to call unprotected methods since 2.6.3
> ------------------------------------------------------------------
>
>                 Key: CXF-5864
>                 URL: https://issues.apache.org/jira/browse/CXF-5864
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 2.6.3
>            Reporter: metatech
>
> Since CXF-4495 (contained in CXF 2.6.3), anonymous users are denied to call unprotected methods.
> The method "handleMessage" of the class "AbstractAuthorizingInInterceptor" now checks that the UserPrincipal is not null.
> Any call results now into a AccessDeniedException.
> {code}
> Caused by: org.apache.cxf.interceptor.security.AccessDeniedException: Unauthorized
> 	at org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor.handleMessage(AbstractAuthorizingInInterceptor.java:57) ~[cxf-rt-core-2.6.3.jar:2.6.3]
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)