You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by "Luis Fernando Planella Gonzalez (JIRA)" <ji...@apache.org> on 2009/12/16 18:34:18 UTC
[jira] Created: (OPENEJB-1120) TomcatSecurityService should grant
the guest role when no user is logged in
TomcatSecurityService should grant the guest role when no user is logged in
---------------------------------------------------------------------------
Key: OPENEJB-1120
URL: https://issues.apache.org/jira/browse/OPENEJB-1120
Project: OpenEJB
Issue Type: Bug
Components: tomcat
Affects Versions: 3.1.2
Environment: Linux 64 bits, Java 6u16
Reporter: Luis Fernando Planella Gonzalez
The default SecurityService returns in getLogicalRoles the name of principals when the logical roles matches their names.
TomcatSecurityService, however, overrides this method, interpreting his own principal classes: TomcatUser and RunAsRole, and does not follow the default behavior of SecurityService.
It should interpret any principal, as SecurityService does, granting matching names for logical roles / principal.getName().
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (OPENEJB-1120) TomcatSecurityService should grant
the guest role when no user is logged in
Posted by "Jean-Louis MONTEIRO (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OPENEJB-1120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Louis MONTEIRO reassigned OPENEJB-1120:
--------------------------------------------
Assignee: Jean-Louis MONTEIRO
> TomcatSecurityService should grant the guest role when no user is logged in
> ---------------------------------------------------------------------------
>
> Key: OPENEJB-1120
> URL: https://issues.apache.org/jira/browse/OPENEJB-1120
> Project: OpenEJB
> Issue Type: Bug
> Components: tomcat
> Affects Versions: 3.1.2
> Environment: Linux 64 bits, Java 6u16
> Reporter: Luis Fernando Planella Gonzalez
> Assignee: Jean-Louis MONTEIRO
> Attachments: TomcatSecurityService_DefaultRole.patch
>
>
> The default SecurityService returns in getLogicalRoles the name of principals when the logical roles matches their names.
> TomcatSecurityService, however, overrides this method, interpreting his own principal classes: TomcatUser and RunAsRole, and does not follow the default behavior of SecurityService.
> It should interpret any principal, as SecurityService does, granting matching names for logical roles / principal.getName().
> There is an old mailing list thread which covers the subject: http://old.nabble.com/Unauthenticated-principal-td21012809.html
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (OPENEJB-1120) TomcatSecurityService should grant
the guest role when no user is logged in
Posted by "Jean-Louis MONTEIRO (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OPENEJB-1120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Louis MONTEIRO closed OPENEJB-1120.
----------------------------------------
Resolution: Fixed
Fix Version/s: 3.1.3
Committed revision 893523.
Thanks Luis!
> TomcatSecurityService should grant the guest role when no user is logged in
> ---------------------------------------------------------------------------
>
> Key: OPENEJB-1120
> URL: https://issues.apache.org/jira/browse/OPENEJB-1120
> Project: OpenEJB
> Issue Type: Bug
> Components: tomcat
> Affects Versions: 3.1.2
> Environment: Linux 64 bits, Java 6u16
> Reporter: Luis Fernando Planella Gonzalez
> Assignee: Jean-Louis MONTEIRO
> Fix For: 3.1.3
>
> Attachments: TomcatSecurityService_DefaultRole.patch
>
>
> The default SecurityService returns in getLogicalRoles the name of principals when the logical roles matches their names.
> TomcatSecurityService, however, overrides this method, interpreting his own principal classes: TomcatUser and RunAsRole, and does not follow the default behavior of SecurityService.
> It should interpret any principal, as SecurityService does, granting matching names for logical roles / principal.getName().
> There is an old mailing list thread which covers the subject: http://old.nabble.com/Unauthenticated-principal-td21012809.html
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (OPENEJB-1120) TomcatSecurityService should grant
the guest role when no user is logged in
Posted by "Luis Fernando Planella Gonzalez (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OPENEJB-1120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Luis Fernando Planella Gonzalez updated OPENEJB-1120:
-----------------------------------------------------
Description:
The default SecurityService returns in getLogicalRoles the name of principals when the logical roles matches their names.
TomcatSecurityService, however, overrides this method, interpreting his own principal classes: TomcatUser and RunAsRole, and does not follow the default behavior of SecurityService.
It should interpret any principal, as SecurityService does, granting matching names for logical roles / principal.getName().
There is an old mailing list thread which covers the subject: http://old.nabble.com/Unauthenticated-principal-td21012809.html
was:
The default SecurityService returns in getLogicalRoles the name of principals when the logical roles matches their names.
TomcatSecurityService, however, overrides this method, interpreting his own principal classes: TomcatUser and RunAsRole, and does not follow the default behavior of SecurityService.
It should interpret any principal, as SecurityService does, granting matching names for logical roles / principal.getName().
> TomcatSecurityService should grant the guest role when no user is logged in
> ---------------------------------------------------------------------------
>
> Key: OPENEJB-1120
> URL: https://issues.apache.org/jira/browse/OPENEJB-1120
> Project: OpenEJB
> Issue Type: Bug
> Components: tomcat
> Affects Versions: 3.1.2
> Environment: Linux 64 bits, Java 6u16
> Reporter: Luis Fernando Planella Gonzalez
>
> The default SecurityService returns in getLogicalRoles the name of principals when the logical roles matches their names.
> TomcatSecurityService, however, overrides this method, interpreting his own principal classes: TomcatUser and RunAsRole, and does not follow the default behavior of SecurityService.
> It should interpret any principal, as SecurityService does, granting matching names for logical roles / principal.getName().
> There is an old mailing list thread which covers the subject: http://old.nabble.com/Unauthenticated-principal-td21012809.html
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (OPENEJB-1120) TomcatSecurityService should grant
the guest role when no user is logged in
Posted by "Luis Fernando Planella Gonzalez (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OPENEJB-1120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Luis Fernando Planella Gonzalez updated OPENEJB-1120:
-----------------------------------------------------
Attachment: TomcatSecurityService_DefaultRole.patch
Patch to follow the same behavior as SecurityService when the principal is of an "unknown" type
> TomcatSecurityService should grant the guest role when no user is logged in
> ---------------------------------------------------------------------------
>
> Key: OPENEJB-1120
> URL: https://issues.apache.org/jira/browse/OPENEJB-1120
> Project: OpenEJB
> Issue Type: Bug
> Components: tomcat
> Affects Versions: 3.1.2
> Environment: Linux 64 bits, Java 6u16
> Reporter: Luis Fernando Planella Gonzalez
> Attachments: TomcatSecurityService_DefaultRole.patch
>
>
> The default SecurityService returns in getLogicalRoles the name of principals when the logical roles matches their names.
> TomcatSecurityService, however, overrides this method, interpreting his own principal classes: TomcatUser and RunAsRole, and does not follow the default behavior of SecurityService.
> It should interpret any principal, as SecurityService does, granting matching names for logical roles / principal.getName().
> There is an old mailing list thread which covers the subject: http://old.nabble.com/Unauthenticated-principal-td21012809.html
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.