Syncope / SYNCOPE-338

Some CXF REST services can be accessed by anonymous

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.1.0
    • Fix Version/s: 1.1.0
    • Component/s: core
    • Labels: None

      Description

      As reported on the mailing list [1], there is a security concern related to various CXF services that internally call Spring controllers' *Internal() methods, which are not annotated with Spring Security.

      [1] http://syncope-dev.1063484.n5.nabble.com/potential-security-concern-tt5713258.html


            People

            • Assignee: ilgrosso Francesco Chicchiriccò
            • Reporter: ilgrosso Francesco Chicchiriccò