geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeremy Boynes <>
Subject Re: cvs commit: incubator-geronimo/modules/security/src/java/org/apache/geronimo/security
Date Tue, 10 Feb 2004 18:19:22 GMT wrote:

> dblevins    2004/02/10 03:06:27
>   Modified:    modules/security/src/java/org/apache/geronimo/security
>   Log:
>   Modified isCallerInRole and getCallerPrinciple to handle the situation
>   where the caller is not known, as is the case when the security interceptor
>   is dissabled.

Hey David

I have concerns about disabling the security interceptor - isn't that 
going to leave us wide open?

If we do it, can't we just replace it with a 'null' interceptor that 
just injects a dummy principal. That way all the downstream code can 
work as usual and we are less likely to break things like IIOP propagation.


View raw message