You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by "Jean-Louis MONTEIRO (JIRA)" <ji...@apache.org> on 2009/12/23 16:12:29 UTC
[jira] Closed: (OPENEJB-1120) TomcatSecurityService should grant
the guest role when no user is logged in
[ https://issues.apache.org/jira/browse/OPENEJB-1120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Louis MONTEIRO closed OPENEJB-1120.
----------------------------------------
Resolution: Fixed
Fix Version/s: 3.1.3
Committed revision 893523.
Thanks Luis!
> TomcatSecurityService should grant the guest role when no user is logged in
> ---------------------------------------------------------------------------
>
> Key: OPENEJB-1120
> URL: https://issues.apache.org/jira/browse/OPENEJB-1120
> Project: OpenEJB
> Issue Type: Bug
> Components: tomcat
> Affects Versions: 3.1.2
> Environment: Linux 64 bits, Java 6u16
> Reporter: Luis Fernando Planella Gonzalez
> Assignee: Jean-Louis MONTEIRO
> Fix For: 3.1.3
>
> Attachments: TomcatSecurityService_DefaultRole.patch
>
>
> The default SecurityService returns in getLogicalRoles the name of principals when the logical roles matches their names.
> TomcatSecurityService, however, overrides this method, interpreting his own principal classes: TomcatUser and RunAsRole, and does not follow the default behavior of SecurityService.
> It should interpret any principal, as SecurityService does, granting matching names for logical roles / principal.getName().
> There is an old mailing list thread which covers the subject: http://old.nabble.com/Unauthenticated-principal-td21012809.html
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.