[
https://issues.apache.org/jira/browse/OPENEJB-711?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jarek Gawor updated OPENEJB-711:
--------------------------------
Attachment: OPENEJB-711.patch
A simple change to ensure that hostAuthorization() is called. However, this has
significant implications. If applied, by default only local ip addresses will
be allowed to access the server (which I think matches 2.0 behavior) but is
different from previous openejb 3.0 beta releases were all ip addresses were
allowed by default.
I can submit another patch if a different solution is needed (e.g. to match 3.0
beta behavior)
> ServiceAccessController does not call checkHostsAuthorization()
> ---------------------------------------------------------------
>
> Key: OPENEJB-711
> URL: https://issues.apache.org/jira/browse/OPENEJB-711
> Project: OpenEJB
> Issue Type: Bug
> Components: server
> Affects Versions: 3.0.x
> Reporter: Jarek Gawor
> Attachments: OPENEJB-711.patch
>
>
> ServiceAccessController does not call checkHostsAuthorization() and
> therefore, the user is unable to set a list of ip addresses that can access
> the server (using the only_from property). All addresses are always allowed.
> I believe this used to be supported with OpenEJB 2.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
