You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geronimo.apache.org by "David Jencks (JIRA)" <ji...@apache.org> on 2008/06/05 01:33:45 UTC

[jira] Created: (GERONIMO-4099) Calling isUserInRole wipes out run-as info

Calling isUserInRole wipes out run-as info
------------------------------------------

                 Key: GERONIMO-4099
                 URL: https://issues.apache.org/jira/browse/GERONIMO-4099
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: Tomcat
    Affects Versions: 2.0.x, 2.1.x, 2.2
            Reporter: David Jencks
            Assignee: David Jencks
             Fix For: 2.1.x, 2.2


TomcatGeronimoRealm.hasRole sets callers which it has no business doing.  These were already set during authentication.  This wipes out the run-as info which was set earlier.  Checking the principal is also unrelated to role checks in geronimo and should be omitted.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (GERONIMO-4099) Calling isUserInRole wipes out run-as info

Posted by "David Jencks (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/GERONIMO-4099?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Jencks closed GERONIMO-4099.
----------------------------------

    Resolution: Fixed

apparently causes no tck problems.

> Calling isUserInRole wipes out run-as info
> ------------------------------------------
>
>                 Key: GERONIMO-4099
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4099
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: Tomcat
>    Affects Versions: 2.0.x, 2.1.x, 2.2
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 2.1.2, 2.2
>
>
> TomcatGeronimoRealm.hasRole sets callers which it has no business doing.  These were already set during authentication.  This wipes out the run-as info which was set earlier.  Checking the principal is also unrelated to role checks in geronimo and should be omitted.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (GERONIMO-4099) Calling isUserInRole wipes out run-as info

Posted by "Joe Bohn (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/GERONIMO-4099?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12613453#action_12613453 ] 

Joe Bohn commented on GERONIMO-4099:
------------------------------------

I verified tck results with rev. 674565 and didn't notice any problems.  Can we close this issue?

> Calling isUserInRole wipes out run-as info
> ------------------------------------------
>
>                 Key: GERONIMO-4099
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4099
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: Tomcat
>    Affects Versions: 2.0.x, 2.1.x, 2.2
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 2.1.2, 2.2
>
>
> TomcatGeronimoRealm.hasRole sets callers which it has no business doing.  These were already set during authentication.  This wipes out the run-as info which was set earlier.  Checking the principal is also unrelated to role checks in geronimo and should be omitted.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (GERONIMO-4099) Calling isUserInRole wipes out run-as info

Posted by "Joe Bohn (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/GERONIMO-4099?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joe Bohn updated GERONIMO-4099:
-------------------------------

    Fix Version/s:     (was: 2.1.x)
                   2.1.2

Changed fix version from 2.1.x to 2.1.2 per Jarek's update indicating this was required for 2.1.2.  

> Calling isUserInRole wipes out run-as info
> ------------------------------------------
>
>                 Key: GERONIMO-4099
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4099
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: Tomcat
>    Affects Versions: 2.0.x, 2.1.x, 2.2
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 2.1.2, 2.2
>
>
> TomcatGeronimoRealm.hasRole sets callers which it has no business doing.  These were already set during authentication.  This wipes out the run-as info which was set earlier.  Checking the principal is also unrelated to role checks in geronimo and should be omitted.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (GERONIMO-4099) Calling isUserInRole wipes out run-as info

Posted by "David Jencks (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/GERONIMO-4099?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12602563#action_12602563 ] 

David Jencks commented on GERONIMO-4099:
----------------------------------------

branches 2.1 rev 663477
branches 2.0 rev 663484

Leaving open until we check tck results.

> Calling isUserInRole wipes out run-as info
> ------------------------------------------
>
>                 Key: GERONIMO-4099
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4099
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: Tomcat
>    Affects Versions: 2.0.x, 2.1.x, 2.2
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 2.1.x, 2.2
>
>
> TomcatGeronimoRealm.hasRole sets callers which it has no business doing.  These were already set during authentication.  This wipes out the run-as info which was set earlier.  Checking the principal is also unrelated to role checks in geronimo and should be omitted.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (GERONIMO-4099) Calling isUserInRole wipes out run-as info

Posted by "David Jencks (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/GERONIMO-4099?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12602511#action_12602511 ] 

David Jencks commented on GERONIMO-4099:
----------------------------------------

fixed trunk rev 663423.  We should check this doesn't break any tck stuff

> Calling isUserInRole wipes out run-as info
> ------------------------------------------
>
>                 Key: GERONIMO-4099
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4099
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: Tomcat
>    Affects Versions: 2.0.x, 2.1.x, 2.2
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 2.1.x, 2.2
>
>
> TomcatGeronimoRealm.hasRole sets callers which it has no business doing.  These were already set during authentication.  This wipes out the run-as info which was set earlier.  Checking the principal is also unrelated to role checks in geronimo and should be omitted.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.