tomee-users mailing list archives

From Thiago Veronezi <thi...@veronezi.org>
Subject Re: Bug in security TomEE
Date Fri, 06 Sep 2013 18:57:04 GMT
>> So, what should I do if I want to get to a protected resource, when I'm
>> authenticated only as user and I want to get authorized as admin? I have to
>> logout and login again?

Yes... I guess,
I don't remember if changes to a user's security-roles are automatically
reflected without a logout/login.

Notice that the logged user can be a "usr" and an "admin" at the same time.
The user just needs to be part of both "security-role".

[]s,
Thiago.




On Fri, Sep 6, 2013 at 2:48 PM, kuba44 <jakub.k8@gmail.com> wrote:

> Authentication and authorization are two different things.
> If you try to access a protected resource and you are not authenticated,
> the server will ask for your username/password. After having you
> authenticated, the server will check if your user is authorized to access
> the requested resource. If you are not authorized, it will throw a 403
> exception, but you will still be authenticated.
>
> If, after having a 403, you can't access what you are supposed to have
> access to, then we have an issue. :)
> Is that it?
>
> So, what should I do if I want to get to a protected resource, when I'm
> authenticated only as user and I want to get authorized as admin? I have
> to logout and login again?
>
>
>
> --
> View this message in context:
> http://openejb.979440.n4.nabble.com/Bug-in-security-TomEE-tp4665009p4665013.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.
>
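
The authentication/authorization split discussed in this thread, as an added example using the standard Servlet 3.0 API (not code from the thread or from TomEE). The servlet path and form parameter names are hypothetical, the role name "admin" is the one used in the thread, and the realm is assumed to support username/password login.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: servlet path and form parameter names are hypothetical.
@WebServlet("/admin/report")
public class AdminReportServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Not authenticated yet: hand over to the container's login mechanism.
        if (req.getUserPrincipal() == null && !req.authenticate(resp)) {
            return; // the container has already written the challenge
        }
        // Authenticated but lacking the role: 403, and the caller stays logged in.
        if (!req.isUserInRole("admin")) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("admin report for " + req.getUserPrincipal().getName());
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // login() throws if a caller identity is already established,
        // so the current identity has to be dropped first.
        req.logout();
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate(); // do not carry the old session into the new login
        }
        try {
            req.login(req.getParameter("username"), req.getParameter("password"));
        } catch (ServletException e) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        resp.sendRedirect(req.getRequestURI()); // back to doGet with the new identity
    }
}
```

When access is declared with a security-constraint instead, the container performs the same two checks itself before the servlet is invoked.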
