You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-dev@portals.apache.org by "Pesendorfer, Tom" <to...@eds.com> on 2005/02/10 18:42:44 UTC

Subject not set in session - bug in SecurityValve?

I found that the security valve is never setting the subject in the session
attribute - is that intended or should line 95 of the
AbstractSecurityValve.java read

request.getRequest().getSession().setAttribute(PortalReservedParameters.SESS
ION_KEY_SUBJECT, subject); 

instead of the current (J2-M1) 

request.getRequest().setAttribute(PortalReservedParameters.SESSION_KEY_SUBJE
CT, subject); 

Cheers, 
Tom

Re: Subject not set in session - bug in SecurityValve?

Posted by David Sean Taylor <da...@bluesunrise.com>.

Pesendorfer, Tom wrote:
> I found that the security valve is never setting the subject in the session
> attribute - is that intended or should line 95 of the
> AbstractSecurityValve.java read
> 
> request.getRequest().getSession().setAttribute(PortalReservedParameters.SESS
> ION_KEY_SUBJECT, subject); 
> 
> instead of the current (J2-M1) 
> 
> request.getRequest().setAttribute(PortalReservedParameters.SESSION_KEY_SUBJE
> CT, subject); 
> 
> Cheers, 
> Tom 
> 
> 
patch applied to cvs head
recommend jira next time for patches

-- 
David Sean Taylor
Bluesunrise Software
david@bluesunrise.com
[office] +01 707 773-4646
[mobile] +01 707 529 9194

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org