[SYNCOPE-338] Some CXF REST services can be accessed by anonymous - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 1.1.0
Fix Version/s: 1.1.0
Component/s: core
Labels:
None

Description

As reported in mailing list [1], there is a security concern related to various CXF services that internally call Spring controller's *Internal() methods, not annotated with Spring Security.

[1] http://syncope-dev.1063484.n5.nabble.com/potential-security-concern-tt5713258.html

Attachments

Activity

People

Assignee:: Francesco Chicchiriccò

Reporter:: Francesco Chicchiriccò

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 19/Mar/13 10:32

Updated:: 04/Apr/13 14:02

Resolved:: 19/Mar/13 15:07