[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tomcat-user
Subject:    [SECURITY] Tomcat 7 ignores @ServletSecurity annotations
From:       Mark Thomas <markt () apache ! org>
Date:       2011-03-09 10:48:21
Message-ID: 4D775AF5.6010602 () apache ! org
[Download RAW message or body]

The fix in Tomcat 7.0.10 was incomplete. @SecurityAnnotations are still
ignored when there are no security constraints defined in web.xml (a
typical use case).

There will be a Tomcat 7.0.11 release shortly to address this. In the
meantime, the workaround of specifying at least one security constraint
in web.xml can be used to trigger the scanning of @SecurityAnnotations.

Mark
on behalf of the Apache Tomcat security team


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic