[ https://issues.apache.org/jira/browse/SYNCOPE-338?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Francesco Chicchiriccò reassigned SYNCOPE-338: ---------------------------------------------- Assignee: Francesco Chicchiriccò > Some CXF REST services can be accessed by anonymous > --------------------------------------------------- > > Key: SYNCOPE-338 > URL: https://issues.apache.org/jira/browse/SYNCOPE-338 > Project: Syncope > Issue Type: Bug > Components: core > Affects Versions: 1.1.0 > Reporter: Francesco Chicchiriccò > Assignee: Francesco Chicchiriccò > Priority: Critical > Fix For: 1.1.0 > > > As reported in mailing list [1], there is a security concern related to > various CXF services that internally call Spring controller's *Internal() > methods, not annotated with Spring Security. > [1] > http://syncope-dev.1063484.n5.nabble.com/potential-security-concern-tt5713258.html -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira