tomee-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Luis Fernando Planella Gonzalez (JIRA)" <j...@apache.org>
Subject [jira] Updated: (OPENEJB-1120) TomcatSecurityService should grant the guest role when no user is logged in
Date Wed, 16 Dec 2009 17:36:18 GMT

     [ https://issues.apache.org/jira/browse/OPENEJB-1120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Luis Fernando Planella Gonzalez updated OPENEJB-1120:
-----------------------------------------------------

    Attachment: TomcatSecurityService_DefaultRole.patch

Patch to follow the same behavior as SecurityService when the principal is of an "unknown"
type

> TomcatSecurityService should grant the guest role when no user is logged in
> ---------------------------------------------------------------------------
>
>                 Key: OPENEJB-1120
>                 URL: https://issues.apache.org/jira/browse/OPENEJB-1120
>             Project: OpenEJB
>          Issue Type: Bug
>          Components: tomcat
>    Affects Versions: 3.1.2
>         Environment: Linux 64 bits, Java 6u16
>            Reporter: Luis Fernando Planella Gonzalez
>         Attachments: TomcatSecurityService_DefaultRole.patch
>
>
> The default SecurityService returns in getLogicalRoles the name of principals when the
logical roles matches their names.
> TomcatSecurityService, however, overrides this method, interpreting his own principal
classes: TomcatUser and RunAsRole, and does not follow the default behavior of SecurityService.
> It should interpret any principal, as SecurityService does, granting matching names for
logical roles / principal.getName().
> There is an old mailing list thread which covers the subject: http://old.nabble.com/Unauthenticated-principal-td21012809.html

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message