You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
<xsd:complexTypename="transport-guaranteeType">
<xsd:annotation>
<xsd:documentation> The transport-guaranteeType specifies that the communication between client and server should be NONE, INTEGRAL, or CONFIDENTIAL. NONE means that the application does not require any transport guarantees. A value of INTEGRAL means that the application requires that the data sent between the client and server be sent in such a way that it can't be changed in transit. CONFIDENTIAL means that the application requires that the data be transmitted in a fashion that prevents other entities from observing the contents of the transmission. In most cases, the presence of the INTEGRAL or CONFIDENTIAL flag will indicate that the use of SSL is required. Used in: user-data-constraint </xsd:documentation>
</xsd:annotation>
<xsd:simpleContent>
<xsd:restrictionbase="jakartaee:string">
<xsd:enumerationvalue="NONE"/>
<xsd:enumerationvalue="INTEGRAL"/> ★
<xsd:enumerationvalue="CONFIDENTIAL"/>
</xsd:restriction>
</xsd:simpleContent>
</xsd:complexType>
Servlet 6.0 schema says that we can specify INTEGRAL as the type of transport-guarantee.
refs) https://jakarta.ee/xml/ns/jakartaee/web-common_6_0.xsd
like
On the other hand, Exousia uses ServletSecurity.TransportGuarantee in SecurityConstraint (instead of jakarta.security.jacc.WebUserDataPermission).
exousia/impl/src/main/java/org/glassfish/exousia/constraints/SecurityConstraint.java
Line 35 in ebdd1a2
ServletSecurity.TransportGuarantee does not have INTEGRAL as its API, so we cannot use this type.
The text was updated successfully, but these errors were encountered: