Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-5864

Anonymous users are denied to call unprotected methods since 2.6.3

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.6.3
    • 2.6.15, 2.7.12, 3.0.1
    • None
    • None
    • Unknown

    Description

      Since CXF-4495 (contained in CXF 2.6.3), anonymous users are denied to call unprotected methods.
      The method "handleMessage" of the class "AbstractAuthorizingInInterceptor" now checks that the UserPrincipal is not null.
      Any call results now into a AccessDeniedException.

      Caused by: org.apache.cxf.interceptor.security.AccessDeniedException: Unauthorized
	at org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor.handleMessage(AbstractAuthorizingInInterceptor.java:57) ~[cxf-rt-core-2.6.3.jar:2.6.3]

      Attachments

        1. patch.txt
          2 kB
          Sergey Beryozkin

        Issue Links

          is broken by

          Improvement - An improvement or enhancement to an existing feature or task. CXF-4495 Extend SimpleAuthorizingInterceptor to check only configured roles

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              sergey_beryozkin Sergey Beryozkin
              metatech metatech
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: