  1. TomEE
  2. TOMEE-2357

MicroProfile JWT @RolesAllowed is being applied with an all-or-nothing policy


Details

    Description

      Repro steps

      REST endpoint annotated with:

      @RolesAllowed({"A", "B"})

      replies with a 403 if the JWT used in the request doesn't have exactly the two A and B group of claims.

       

      Expected Result

      A valid request should be processed if and only if at least one of the allowed roles is provided in the JWT group of claims.
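
The reported check and the expected one side by side, as an added example that is not TomEE's code and not part of the original report. The nested `RolesAllowed` annotation is a local stand-in for the standard one so the file compiles with the JDK alone; `Endpoint`, `allOrNothing`, `anyOf`, `status` and the sample group sets are constructed for illustration.

```java
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.util.Arrays;
import java.util.List;
import java.util.Set;

public class RolesAllowedCheck {

    // Local stand-in for javax.annotation.security.RolesAllowed (assumption: same shape).
    @Retention(RetentionPolicy.RUNTIME)
    @interface RolesAllowed { String[] value(); }

    // Hypothetical endpoint carrying the annotation from the report.
    static class Endpoint {
        @RolesAllowed({"A", "B"})
        public String hello() { return "ok"; }
    }

    // Behaviour as reported, modelled here as "every listed role must be present" (assumption).
    static boolean allOrNothing(String[] allowed, Set<String> groups) {
        return groups.containsAll(Arrays.asList(allowed));
    }

    // Expected behaviour: one matching role is enough to authorize the call.
    static boolean anyOf(String[] allowed, Set<String> groups) {
        return Arrays.stream(allowed).anyMatch(groups::contains);
    }

    // Map the authorization decision to the HTTP status the caller would see.
    static int status(boolean permitted) { return permitted ? 200 : 403; }

    public static void main(String[] args) throws Exception {
        // Read the allowed roles from the annotation, as a container would.
        String[] allowed = Endpoint.class.getMethod("hello")
                .getAnnotation(RolesAllowed.class).value();

        // Constructed group sets, one per request token.
        List<Set<String>> tokens = List.of(
                Set.of("A", "B"), Set.of("A"), Set.of("B"),
                Set.of("B", "C"), Set.of("C"), Set.of());

        for (Set<String> groups : tokens) {
            System.out.printf("groups=%-8s all-or-nothing=%d expected=%d%n", groups,
                    status(allOrNothing(allowed, groups)), status(anyOf(allowed, groups)));
        }
    }
}
```

Tokens carrying only A, only B, or B plus C are the rows where the two columns disagree; a regression test for this issue should cover each of them, along with the no-match and empty cases that must stay at 403.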

            People

              cesarhernandezgt Cesar Hernandez