Posted to dev@geronimo.apache.org by "Ivan (JIRA)" <ji...@apache.org> on 2009/06/03 08:16:07 UTC
[jira] Created: (GERONIMO-4669) EJB security does not work correctly when no permission is set and the user does a login
EJB security does not work correctly when no permission is set and the user does a login
----------------------------------------------------------------------------------------
Key: GERONIMO-4669
URL: https://issues.apache.org/jira/browse/GERONIMO-4669
Project: Geronimo
Issue Type: Bug
Security Level: public (Regular issues)
Components: OpenEJB
Affects Versions: 2.2
Reporter: Ivan
Assignee: Ivan
Fix For: 2.2
Currently, if no method-permission exists in the ejb-jar.xml file, we will not create a JACC Manager. But securityEnabled is always set to true, so when the user logs in, access is denied. In past versions, we always created a JACC Manager even if no method permission was set, and in it, all the method invocation permissions were granted. This issue blocked some EJB TCK test cases, I think.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-4669) EJB security does not work correctly when no permission is set and the user does a login
Posted by "Ivan (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-4669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12715841#action_12715841 ]
Ivan commented on GERONIMO-4669:
--------------------------------
From my view, I would like to use the old way: even if no method permissions exist, a JACC Manager is also created, which will add all the method permissions to the exclude list. Maybe setting securityEnabled to false is also a good choice, but it may affect the invocation of getCallerPrincipal.
Any comments?
[jira] Updated: (GERONIMO-4669) EJB security does not work correctly when no permission is set and the user does a login
Posted by "Ivan (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-4669?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ivan updated GERONIMO-4669:
---------------------------
Attachment: Geronimo-4669.patch
Use whether the securityconfiguration exists, not the methodpermissions, to decide whether the context is security enabled.
Please help to review it, if no object, I will commit it. I think if this issue is fixed, many of the TCK cases would pass ;-)
[jira] Issue Comment Edited: (GERONIMO-4669) EJB security does not work correctly when no permission is set and the user does a login
Posted by "Ivan (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-4669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12715863#action_12715863 ]
Ivan edited comment on GERONIMO-4669 at 6/3/09 1:28 AM:
--------------------------------------------------------
Use whether the securityconfiguration exists, not the methodpermissions, to decide whether the context is security enabled.
Please help to review it, if no objection, I will commit it. I think if this issue is fixed, many of the TCK cases would pass ;-)
was (Author: xuhaihong):
Use whether the securityconfiguration exists, not the methodpermissions, to decide whether the context is security enabled.
Please help to review it, if no object, I will commit it. I think if this issue is fixed, many of the TCK cases would pass ;-)
[jira] Resolved: (GERONIMO-4669) EJB security does not work correctly when no permission is set and the user does a login
Posted by "Ivan (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-4669?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ivan resolved GERONIMO-4669.
----------------------------
Resolution: Fixed
Committed to trunk at revision: 781640