geronimo-dev mailing list archives

From Jeff Genender <jgenen...@apache.org>
Subject Re: [jira] Assigned: (GERONIMO-1012) Tomcat integration does not set a subject in an unsecured web module in a secured ejb application
Date Thu, 15 Sep 2005 05:05:18 GMT
I don't think we need another valve, could we not do this in one of the 
existing valves?

Jeff

David Jencks (JIRA) wrote:
>      [ http://issues.apache.org/jira/browse/GERONIMO-1012?page=all ]
> 
> David Jencks reassigned GERONIMO-1012:
> --------------------------------------
> 
>     Assign To: Jeff Genender  (was: David Jencks)
> 
> Jeff, can you think of a better way to do this?
> 
> 
>>Tomcat integration does not set a subject in an unsecured web module in a secured ejb application
>>-------------------------------------------------------------------------------------------------
>>
>>         Key: GERONIMO-1012
>>         URL: http://issues.apache.org/jira/browse/GERONIMO-1012
>>     Project: Geronimo
>>        Type: Bug
>>  Components: Tomcat
>>    Versions: 1.0-M5
>>    Reporter: David Jencks
>>    Assignee: Jeff Genender
>>     Fix For: 1.0-M5
> 
> 
>>In the jetty integration, in SecurityContextBeforeAfter, a request for an unsecured page results in the default subject being set in the ContextManager (line 288).  This provides a way to call secured ejbs and also provides a source for credentials for calling secured web services.
>>In tomcat, we don't do anything like that: in particular there is no source of credentials for secured web services.
>>I think the simplest solution is, if the app is secured, to add another valve after the standard tomcat security valve, that sets the default subject into the ContextManager if none is there already.
> 
> 

-- 
Jeff Genender
http://geronimo.apache.org

