You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geronimo.apache.org by "David Jencks (JIRA)" <ji...@apache.org> on 2010/09/14 02:58:33 UTC

[jira] Updated: (GERONIMO-5468) Support authenticate/login/logout methods in the HttpServletRequest interface

     [ https://issues.apache.org/jira/browse/GERONIMO-5468?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Jencks updated GERONIMO-5468:
-----------------------------------

    Attachment: GERONIMO-5468-tomcat-original.diff
                GERONIMO-5468-tomcat-fork.diff
                GERONIMO-5468-geronimo-2.diff

I'm attaching 3 patches.  Two are for tomcat to fix what I think is a bad separation of concerns for the request.login method.  One of these is for our tomcat fork, the other for tomcat trunk. (the same changes in each).  The third patch is for the geronimo tomcat plugin to use the proposed tomcat changes.

In any case, one problem with the first patch is that the new security valve authenticate method must say that auth is mandatory.  The request already got to the user's code, so by the declarative security, auth is not mandatory.  However the user code is requesting authentication, so we have to force it to happen.

Please review! thanks

> Support authenticate/login/logout methods in the HttpServletRequest interface
> -----------------------------------------------------------------------------
>
>                 Key: GERONIMO-5468
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-5468
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: Tomcat
>    Affects Versions: 3.0-M1, 3.0
>            Reporter: Ivan
>            Assignee: Han Hong Fang
>             Fix For: 3.0
>
>         Attachments: GERONIMO-5468-geronimo-2.diff, GERONIMO-5468-tomcat-fork.diff, GERONIMO-5468-tomcat-original.diff, GERONIMO-5468.patch
>
>
> In Servlet 3.0, authenticate/login/logout methods are added in the HttpServletRequest interface, we need to support them in Geronimo's way.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.