Posted to commits@tomee.apache.org by "Luis Fernando Planella Gonzalez (JIRA)" <ji...@apache.org> on 2009/12/16 18:34:18 UTC

[jira] Updated: (OPENEJB-1120) TomcatSecurityService should grant the guest role when no user is logged in

     [ https://issues.apache.org/jira/browse/OPENEJB-1120?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Luis Fernando Planella Gonzalez updated OPENEJB-1120:
-----------------------------------------------------

    Description: 
The default SecurityService returns in getLogicalRoles the name of principals when the logical roles match their names.
TomcatSecurityService, however, overrides this method, interpreting its own principal classes: TomcatUser and RunAsRole, and does not follow the default behavior of SecurityService.
It should interpret any principal, as SecurityService does, granting matching names for logical roles / principal.getName().
There is an old mailing list thread which covers the subject: http://old.nabble.com/Unauthenticated-principal-td21012809.html

  was:
The default SecurityService returns in getLogicalRoles the name of principals when the logical roles match their names.
TomcatSecurityService, however, overrides this method, interpreting its own principal classes: TomcatUser and RunAsRole, and does not follow the default behavior of SecurityService.
It should interpret any principal, as SecurityService does, granting matching names for logical roles / principal.getName().


> TomcatSecurityService should grant the guest role when no user is logged in
> ---------------------------------------------------------------------------
>
>                 Key: OPENEJB-1120
>                 URL: https://issues.apache.org/jira/browse/OPENEJB-1120
>             Project: OpenEJB
>          Issue Type: Bug
>          Components: tomcat
>    Affects Versions: 3.1.2
>         Environment: Linux 64 bits, Java 6u16
>            Reporter: Luis Fernando Planella Gonzalez
>
> The default SecurityService returns in getLogicalRoles the name of principals when the logical roles match their names.
> TomcatSecurityService, however, overrides this method, interpreting its own principal classes: TomcatUser and RunAsRole, and does not follow the default behavior of SecurityService.
> It should interpret any principal, as SecurityService does, granting matching names for logical roles / principal.getName().
> There is an old mailing list thread which covers the subject: http://old.nabble.com/Unauthenticated-principal-td21012809.html

-- 
This message is automatically generated by JIRA.
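
The difference the report describes, as an added example (a simplified model, not OpenEJB source code and not part of the original message). The class names ContainerUser and PlainPrincipal, the method names, and the role values are assumptions made for illustration; it needs Java 16 or later.

```java
import java.security.Principal;
import java.util.*;

public class LogicalRolesDemo {
    // Stand-in for a principal type the container-specific service understands.
    record ContainerUser(String name, Set<String> realmRoles) implements Principal {
        public String getName() { return name; }
    }
    // Any other Principal, e.g. one attached to an unauthenticated caller.
    record PlainPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // Default behaviour per the report: a principal whose name equals a
    // declared logical role is granted that role.
    static Set<String> byPrincipalName(Principal[] principals, Set<String> logicalRoles) {
        Set<String> granted = new LinkedHashSet<>();
        for (Principal p : principals)
            if (logicalRoles.contains(p.getName())) granted.add(p.getName());
        return granted;
    }

    // Override behaviour per the report: only the service's own principal
    // types are interpreted; every other principal is silently ignored.
    static Set<String> ownTypesOnly(Principal[] principals, Set<String> logicalRoles) {
        Set<String> granted = new LinkedHashSet<>();
        for (Principal p : principals)
            if (p instanceof ContainerUser u)
                for (String role : logicalRoles)
                    if (u.realmRoles().contains(role)) granted.add(role);
        return granted;
    }

    // Requested behaviour. Design choice of this example: the name fallback
    // applies only to principals the service does not otherwise interpret,
    // so a login name that equals a role name does not grant that role.
    static Set<String> combined(Principal[] principals, Set<String> logicalRoles) {
        Set<String> granted = ownTypesOnly(principals, logicalRoles);
        for (Principal p : principals)
            if (!(p instanceof ContainerUser) && logicalRoles.contains(p.getName()))
                granted.add(p.getName());
        return granted;
    }

    public static void main(String[] args) {
        Set<String> declared = Set.of("guest", "admin");          // constructed sample roles
        Principal[] anonymous = { new PlainPrincipal("guest") };  // no user logged in
        Principal[] spoofName = { new ContainerUser("admin", Set.of()) };
        System.out.println("default, anonymous:  " + byPrincipalName(anonymous, declared));
        System.out.println("override, anonymous: " + ownTypesOnly(anonymous, declared));
        System.out.println("combined, anonymous: " + combined(anonymous, declared));
        System.out.println("combined, user named admin: " + combined(spoofName, declared));
    }
}
```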