Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[es-dev] app-securitycontext TCK test
Hello I am just working on the WildFly profile for the Jakarta Security TCK, I am running into an issue with the app-securitycontext test I wanted to discuss.

Presently the test is making a call to SecurityContext.hasAccessToWebResource()   without specifying the HTTP method to test.

https://github.com/jakartaee/security/blob/master/tck/app-securitycontext/src/main/java/ee/jakarta/tck/security/test/Servlet.java#L85

With no method passed in WildFly is presently returning false, however if I pass in a single method such as "GET" it returns true.

From the API itself this parameter is described as taking "one or more methods to check", from the specification itself there is also no mention of calling without specifying the HTTP method and the documented example does specify a method:

https://github.com/jakartaee/security/blob/master/spec/src/main/asciidoc/securityContext.adoc

This feels like something which could be clarified in a later release but for now it doesn't feel like there is a clear definition of expected behaviour when no method is specified.

--

Darran Lofthouse

Red Hat

darran.lofthouse@xxxxxxxxx   

Back to the top