You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "David Jencks (JIRA)" <ji...@apache.org> on 2008/06/18 01:50:44 UTC
[jira] Created: (GERONIMO-4124) Tomcat jacc usage is messed up
Tomcat jacc usage is messed up
------------------------------
Key: GERONIMO-4124
URL: https://issues.apache.org/jira/browse/GERONIMO-4124
Project: Geronimo
Issue Type: Bug
Security Level: public (Regular issues)
Components: Tomcat
Affects Versions: 2.1.1, 2.0.2, 2.2
Reporter: David Jencks
Assignee: David Jencks
Fix For: 2.0.x, 2.1.2, 2.2
Several problems:
1. UserDataPermissions are not getting evaluated by jacc due to the check for Subject in handler data.
2. Subject is never set into handler data (also a problem in jetty, dunno about openejb).
3. TomcatGeronimoRealm is calling ContextManager.setCallers before permission checks. This is wrong.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-4124) Tomcat jacc usage is messed up
Posted by "Donald Woods (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-4124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Donald Woods updated GERONIMO-4124:
-----------------------------------
Fix Version/s: (was: 2.1.3)
2.1.4
SVN updates need to be ported to 2.1.4 and 2.0.3
> Tomcat jacc usage is messed up
> ------------------------------
>
> Key: GERONIMO-4124
> URL: https://issues.apache.org/jira/browse/GERONIMO-4124
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 2.0.2, 2.1.1, 2.2
> Reporter: David Jencks
> Assignee: David Jencks
> Fix For: 2.0.3, 2.1.4, 2.2
>
>
> Several problems:
> 1. UserDataPermissions are not getting evaluated by jacc due to the check for Subject in handler data.
> 2. Subject is never set into handler data (also a problem in jetty, dunno about openejb).
> 3. TomcatGeronimoRealm is calling ContextManager.setCallers before permission checks. This is wrong.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-4124) Tomcat jacc usage is messed up
Posted by "Joe Bohn (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-4124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joe Bohn updated GERONIMO-4124:
-------------------------------
Fix Version/s: (was: 2.0.x)
2.0.3
> Tomcat jacc usage is messed up
> ------------------------------
>
> Key: GERONIMO-4124
> URL: https://issues.apache.org/jira/browse/GERONIMO-4124
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 2.0.2, 2.1.1, 2.2
> Reporter: David Jencks
> Assignee: David Jencks
> Fix For: 2.0.3, 2.1.2, 2.2
>
>
> Several problems:
> 1. UserDataPermissions are not getting evaluated by jacc due to the check for Subject in handler data.
> 2. Subject is never set into handler data (also a problem in jetty, dunno about openejb).
> 3. TomcatGeronimoRealm is calling ContextManager.setCallers before permission checks. This is wrong.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-4124) Tomcat jacc usage is messed up
Posted by "David Jencks (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-4124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Jencks updated GERONIMO-4124:
-----------------------------------
Fix Version/s: (was: 2.0.4)
I'm sure this won't get fixed in 2.0.x and doubt it will get fixed in 2.1.x
> Tomcat jacc usage is messed up
> ------------------------------
>
> Key: GERONIMO-4124
> URL: https://issues.apache.org/jira/browse/GERONIMO-4124
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 2.0.2, 2.1.1, 2.2
> Reporter: David Jencks
> Assignee: David Jencks
> Fix For: 2.1.4, 2.2
>
>
> Several problems:
> 1. UserDataPermissions are not getting evaluated by jacc due to the check for Subject in handler data.
> 2. Subject is never set into handler data (also a problem in jetty, dunno about openejb).
> 3. TomcatGeronimoRealm is calling ContextManager.setCallers before permission checks. This is wrong.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-4124) Tomcat jacc usage is messed up
Posted by "Joe Bohn (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-4124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joe Bohn updated GERONIMO-4124:
-------------------------------
Fix Version/s: (was: 2.1.2)
2.1.3
move fix version to 2.1.3 from 2.1.2
> Tomcat jacc usage is messed up
> ------------------------------
>
> Key: GERONIMO-4124
> URL: https://issues.apache.org/jira/browse/GERONIMO-4124
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 2.0.2, 2.1.1, 2.2
> Reporter: David Jencks
> Assignee: David Jencks
> Fix For: 2.0.3, 2.1.3, 2.2
>
>
> Several problems:
> 1. UserDataPermissions are not getting evaluated by jacc due to the check for Subject in handler data.
> 2. Subject is never set into handler data (also a problem in jetty, dunno about openejb).
> 3. TomcatGeronimoRealm is calling ContextManager.setCallers before permission checks. This is wrong.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-4124) Tomcat jacc usage is messed up
Posted by "David Jencks (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-4124?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607023#action_12607023 ]
David Jencks commented on GERONIMO-4124:
----------------------------------------
work done on this issue in code:
trunk rev. 670236
Improved run-as tests in testsuite
trunk rev. 670237
The behavior in the tests agrees between jetty and tomcat but I don't think it's right. With this scenario:
user logs in in role foo
Servlet1 configured with run-as role baz
forwards to servlet2 with no run-as role
calls ejb
the ejb sees only role foo. In other words forwarding to servlet 2 has erased the run-as information from servlet 1.
In addition there's a questionable case:
in the above scenario, should servlet 2 see foo or baz? Currently it sees foo.
-------------------------------------------------
(1) is fixed; we install either the actual or default subject before checking WebUserDataPermissions and never call the non-jacc tomcat code
(2) is invalid, the Subject comes directly from ContextManager
(3) seems to be the only way to get form auth to work. I think it's causing the behavior I think is wrong noted above.
> Tomcat jacc usage is messed up
> ------------------------------
>
> Key: GERONIMO-4124
> URL: https://issues.apache.org/jira/browse/GERONIMO-4124
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 2.0.2, 2.1.1, 2.2
> Reporter: David Jencks
> Assignee: David Jencks
> Fix For: 2.0.x, 2.1.2, 2.2
>
>
> Several problems:
> 1. UserDataPermissions are not getting evaluated by jacc due to the check for Subject in handler data.
> 2. Subject is never set into handler data (also a problem in jetty, dunno about openejb).
> 3. TomcatGeronimoRealm is calling ContextManager.setCallers before permission checks. This is wrong.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-4124) Tomcat jacc usage is messed up
Posted by "Jarek Gawor (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-4124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jarek Gawor updated GERONIMO-4124:
----------------------------------
Affects Version/s: 2.1.4
Fix Version/s: (was: 2.1.4)
Updating versions as it probably will not get fixed for 2.1.4.
> Tomcat jacc usage is messed up
> ------------------------------
>
> Key: GERONIMO-4124
> URL: https://issues.apache.org/jira/browse/GERONIMO-4124
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 2.0.2, 2.1.1, 2.1.4, 2.2
> Reporter: David Jencks
> Assignee: David Jencks
> Fix For: 2.2
>
>
> Several problems:
> 1. UserDataPermissions are not getting evaluated by jacc due to the check for Subject in handler data.
> 2. Subject is never set into handler data (also a problem in jetty, dunno about openejb).
> 3. TomcatGeronimoRealm is calling ContextManager.setCallers before permission checks. This is wrong.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (GERONIMO-4124) Tomcat jacc usage is messed up
Posted by "David Jencks (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-4124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Jencks closed GERONIMO-4124.
----------------------------------
Resolution: Fixed
This is as fixed as its likely to get. run-as roles are pretty well unspecified so anyone using them doesn't have too much to complain about when something goes wrong. Maybe servlet 3 will make rules clearer.
> Tomcat jacc usage is messed up
> ------------------------------
>
> Key: GERONIMO-4124
> URL: https://issues.apache.org/jira/browse/GERONIMO-4124
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 2.0.2, 2.1.1, 2.1.4, 2.2
> Reporter: David Jencks
> Assignee: David Jencks
> Fix For: 2.2
>
>
> Several problems:
> 1. UserDataPermissions are not getting evaluated by jacc due to the check for Subject in handler data.
> 2. Subject is never set into handler data (also a problem in jetty, dunno about openejb).
> 3. TomcatGeronimoRealm is calling ContextManager.setCallers before permission checks. This is wrong.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-4124) Tomcat jacc usage is messed up
Posted by "Jay D. McHugh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-4124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jay D. McHugh updated GERONIMO-4124:
------------------------------------
Fix Version/s: (was: 2.0.3)
2.0.4
> Tomcat jacc usage is messed up
> ------------------------------
>
> Key: GERONIMO-4124
> URL: https://issues.apache.org/jira/browse/GERONIMO-4124
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 2.0.2, 2.1.1, 2.2
> Reporter: David Jencks
> Assignee: David Jencks
> Fix For: 2.0.4, 2.1.4, 2.2
>
>
> Several problems:
> 1. UserDataPermissions are not getting evaluated by jacc due to the check for Subject in handler data.
> 2. Subject is never set into handler data (also a problem in jetty, dunno about openejb).
> 3. TomcatGeronimoRealm is calling ContextManager.setCallers before permission checks. This is wrong.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.