Message-ID: <252506842.1126752474908.JavaMail.jira@ajax.apache.org>
Date: Thu, 15 Sep 2005 04:47:54 +0200 (CEST)
From: "David Jencks (JIRA)"
To: dev@geronimo.apache.org
Subject: [jira] Assigned: (GERONIMO-1012) Tomcat integration does not set a subject in an unsecured web module in a secured ejb application
In-Reply-To: <1012231304.1126728115115.JavaMail.jira@ajax.apache.org>

[ http://issues.apache.org/jira/browse/GERONIMO-1012?page=all ]

David Jencks reassigned GERONIMO-1012:
--------------------------------------

Assign To: Jeff Genender (was: David Jencks)

Jeff, can you think of a better way to do this?

> Tomcat integration does not set a subject in an unsecured web module in a secured ejb application
> -------------------------------------------------------------------------------------------------
>
> Key: GERONIMO-1012
> URL: http://issues.apache.org/jira/browse/GERONIMO-1012
> Project: Geronimo
> Type: Bug
> Components: Tomcat
> Versions: 1.0-M5
> Reporter: David Jencks
> Assignee: Jeff Genender
> Fix For: 1.0-M5
>
> In the Jetty integration, in SecurityContextBeforeAfter, a request for an unsecured page results in the default subject being set in the ContextManager (line 288). This provides a way to call secured ejbs and also provides a source for credentials for calling secured web services.
> In Tomcat, we don't do anything like that: in particular there is no source of credentials for secured web services.
> I think the simplest solution is, if the app is secured, to add another valve after the standard Tomcat security valve, that sets the default subject into the ContextManager if none is there already.
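
The valve proposed in the issue above, as an added example; it is not Geronimo's or Tomcat's code and not part of the original message. `CallerContext` and the `Valve` interface are hypothetical stand-ins for Geronimo's ContextManager and Tomcat's valve pipeline, the principals are constructed, and removing the default subject once the request finishes is an assumption of this example, not something the issue specifies.

```java
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

public class DefaultSubjectValveDemo {
    // Hypothetical stand-in for Geronimo's ContextManager: the caller bound to this thread.
    static final class CallerContext {
        private static final ThreadLocal<Subject> CALLER = new ThreadLocal<>();
        static Subject get() { return CALLER.get(); }
        static void set(Subject s) { if (s == null) CALLER.remove(); else CALLER.set(s); }
    }

    // Hypothetical stand-in for a container valve: one link in the request pipeline.
    interface Valve { void invoke(String path) throws Exception; }

    // Sits after the security valve; supplies the default subject only if none is set.
    static final class DefaultSubjectValve implements Valve {
        private final Subject defaultSubject;
        private final Valve next;
        DefaultSubjectValve(Subject defaultSubject, Valve next) {
            this.defaultSubject = defaultSubject;
            this.next = next;
        }
        @Override public void invoke(String path) throws Exception {
            boolean installed = CallerContext.get() == null;
            if (installed) CallerContext.set(defaultSubject);
            try {
                next.invoke(path);
            } finally {
                // Request threads are pooled: remove only what this valve installed,
                // so the default identity never carries over to the next request.
                if (installed) CallerContext.set(null);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        Subject defaults = new Subject();
        defaults.getPrincipals().add(new X500Principal("CN=default-caller")); // constructed
        Subject alice = new Subject();
        alice.getPrincipals().add(new X500Principal("CN=alice"));             // constructed
        Valve servlet = path ->
            System.out.println(path + " runs as " + CallerContext.get().getPrincipals());
        Valve pipeline = new DefaultSubjectValve(defaults, servlet);

        pipeline.invoke("/public/index.jsp");   // unsecured page: default subject supplied
        CallerContext.set(alice);               // as if the security valve had authenticated
        pipeline.invoke("/secure/account.jsp"); // authenticated subject left untouched
        CallerContext.set(null);
        System.out.println("after requests: " + CallerContext.get());
    }
}
```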