geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Genender <jgenen...@savoirtech.com>
Subject Re: [jira] Assigned: (GERONIMO-1012) Tomcat integration does not set a subject in an unsecured web module in a secured ejb application
Date Thu, 15 Sep 2005 05:09:29 GMT
Never mind...I didn't read the other emails...I'll have a look.

Jeff

Jeff Genender wrote:
> I don't think we need another valve, could we not do this in one of the 
> existing valves?
> 
> Jeff
> 
> David Jencks (JIRA) wrote:
> 
>>      [ http://issues.apache.org/jira/browse/GERONIMO-1012?page=all ]
>>
>> David Jencks reassigned GERONIMO-1012:
>> --------------------------------------
>>
>>     Assign To: Jeff Genender  (was: David Jencks)
>>
>> Jeff, can you think of a better way to do this?
>>
>>
>>> Tomcat integration does not set a subject in an unsecured web module 
>>> in a secured ejb application
>>> -------------------------------------------------------------------------------------------------

>>>
>>>
>>>         Key: GERONIMO-1012
>>>         URL: http://issues.apache.org/jira/browse/GERONIMO-1012
>>>     Project: Geronimo
>>>        Type: Bug
>>>  Components: Tomcat
>>>    Versions: 1.0-M5
>>>    Reporter: David Jencks
>>>    Assignee: Jeff Genender
>>>     Fix For: 1.0-M5
>>
>>
>>
>>> In the jetty integration, in SecurityContextBeforeAfter, a request 
>>> for an unsecured page results in the default subject being set in the 
>>> ContextManager (line 288).  This provides a way to call secured ejbs 
>>> and also provides a source for credentials for calling secured web 
>>> services.
>>> In tomcat, we don't do anything like that: in particular there is no 
>>> source of credentials for secured web services.  I think the simplest 
>>> solution is to, if the app is secured, to add another valve after the 
>>> standard tomcat security valve, that sets the default subject into 
>>> the ContextManager if none is there already.
>>
>>
>>
> 

Mime
View raw message