You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by "Cesar Hernandez (JIRA)" <ji...@apache.org> on 2018/12/14 02:57:00 UTC
[jira] [Work stopped] (TOMEE-2357) MicroProfile JWT @RolesAllowed
is been applied with a all or nothing policy
[ https://issues.apache.org/jira/browse/TOMEE-2357?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Work on TOMEE-2357 stopped by Cesar Hernandez.
----------------------------------------------
> MicroProfile JWT @RolesAllowed is been applied with a all or nothing policy
> ---------------------------------------------------------------------------
>
> Key: TOMEE-2357
> URL: https://issues.apache.org/jira/browse/TOMEE-2357
> Project: TomEE
> Issue Type: Bug
> Components: TomEE Core Server
> Affects Versions: 8.0.0-M1
> Reporter: Cesar Hernandez
> Assignee: Cesar Hernandez
> Priority: Major
> Labels: pull-request-available
>
> *Repro steps*
> REST endpoint annotated with:
> @RolesAllowed(\{"A", "B"})
> reply with a 403 if the JWT used in the request doesn't have exactly the two A and B group of claims.
>
> *Expected Result*
> A valid request should be processed if and only if ***at least* one of the allowed roles is provided in the JWT group of claims.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)