Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-5864

Anonymous users are denied to call unprotected methods since 2.6.3

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.6.3
    • Fix Version/s: 2.6.15, 2.7.12, 3.0.1
    • Component/s: None
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      Since CXF-4495 (contained in CXF 2.6.3), anonymous users are denied to call unprotected methods.
      The method "handleMessage" of the class "AbstractAuthorizingInInterceptor" now checks that the UserPrincipal is not null.
      Any call results now into a AccessDeniedException.

      Caused by: org.apache.cxf.interceptor.security.AccessDeniedException: Unauthorized
      	at org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor.handleMessage(AbstractAuthorizingInInterceptor.java:57) ~[cxf-rt-core-2.6.3.jar:2.6.3]
      

        Attachments

        1. patch.txt
          2 kB
          Sergey Beryozkin

          Issue Links

            Activity

              People

              • Assignee:
                sergey_beryozkin Sergey Beryozkin
                Reporter:
                metatech metatech
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: