You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "Ivan (JIRA)" <ji...@apache.org> on 2009/07/22 05:11:14 UTC
[jira] Updated: (GERONIMO-4756) jetty 7 ignores default subject
settings unless authentication is set up
[ https://issues.apache.org/jira/browse/GERONIMO-4756?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ivan updated GERONIMO-4756:
---------------------------
Attachment: Geronimo-4766.patch
The issue is that, while only defaultsubject configurations exist in the plan file, we will use the NoneAuthenticator, and Jetty's SecurityHandler will not invoke the UserIdentity.associate method twice due to the return value of the NoneAuthenticator, so I think we need to set the default subject explicitly in this scenario.
Wish that I did not miss anything, please help to review it, thanks !
> jetty 7 ignores default subject settings unless authentication is set up
> ------------------------------------------------------------------------
>
> Key: GERONIMO-4756
> URL: https://issues.apache.org/jira/browse/GERONIMO-4756
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Affects Versions: 2.2
> Reporter: David Jencks
> Assignee: David Jencks
> Fix For: 2.2
>
> Attachments: Geronimo-4766.patch
>
>
> Jetty 7 should be setting up security stuff if a <security-realm-name> is definied, not only if authentication is specifically configured: this will make default subjects work when no auth is configured. Should not be a problem for tomcat.... for some reason I found this problem there already :-)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.