geronimo-dev mailing list archives

From "David Jencks (JIRA)" <...@geronimo.apache.org>
Subject [jira] Resolved: (GERONIMO-1440) JAASJettyRealm not shared enough
Date Mon, 09 Jan 2006 10:23:21 GMT
     [ http://issues.apache.org/jira/browse/GERONIMO-1440?page=all ]
     
David Jencks resolved GERONIMO-1440:
------------------------------------

    Resolution: Fixed

(also fixes GERONIMO-1425 for jetty).  This makes there be only one JAASJettyRealm per external
realm name, and makes any app that uses the realm name get access to the same instance, as
long as one app includes an internal security realm name.  I'm leaving this resolved but unclosed
in case anyone objects to this behavior.

Sending        modules/jetty/src/java/org/apache/geronimo/jetty/JAASJettyRealm.java
Sending        modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainer.java
Sending        modules/jetty/src/java/org/apache/geronimo/jetty/JettyContainerImpl.java
Sending        modules/jetty/src/java/org/apache/geronimo/jetty/JettyServer.java
Sending        modules/jetty/src/java/org/apache/geronimo/jetty/JettyWebAppContext.java
Sending        modules/jetty/src/java/org/apache/geronimo/jetty/interceptor/SecurityContextBeforeAfter.java
Transmitting file data ......
Committed revision 367263. 

> JAASJettyRealm not shared enough
> --------------------------------
>
>          Key: GERONIMO-1440
>          URL: http://issues.apache.org/jira/browse/GERONIMO-1440
>      Project: Geronimo
>         Type: Bug
>   Components: web
>     Versions: 1.0
>     Reporter: David Jencks
>     Assignee: David Jencks
>      Fix For: 1.1
>
> There are a bunch of problems that lead back to missing JAASJettyRealms or multiple "equal" JAASJettyRealms.
>
> A JAASJettyRealm has an (external) realm name from the web.xml and an internal geronimo realm name and a map of user name to principal (which includes the Subject for that user) for logged in users.  If you supply a (internal) security realm name, a JAASJettyRealm is registered with the HTTPContext and used for authentication, reauthentication, etc.  If you don't supply a security realm name, but there is a realm name, then jetty tries to get the realm from the JettyServer.  Here are some problems:
>
> 1. we never register our JAASJettyRealms with JettyServer, so if you don't supply a security realm name you eventually get NPEs if the app calls isUserInRole etc etc.
>
> let's assume we fix (1)
>
> 2. If you have 2 apps A and B deployed with the same external realm name and internal realm name, only the last to start is registered with the JettyServer.  Any other app C using the same realm name but no internal realm name will get the second realm.  If we did a x-context dispatch from the first app A to C, C will be using the realm from B.
>
> I think that there should only be one JAASJettyRealm per external realm name, based on servlet spec 2.4 section 12.6.  If you disagree, please say why :-).

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
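
The sharing rule discussed in this message, as an added Java example that is not part of the original message and is not Geronimo's code: it contrasts per-app registration, where the last app to start wins, with one realm instance per external realm name. Every class and method name is hypothetical, and two behaviours are assumptions: a lookup with no registered realm throws, and conflicting internal realm names are rejected.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: all names here are hypothetical, not Geronimo's or Jetty's API.
public class RealmSharingDemo {
    // Stand-in realm: external name (web.xml), internal security realm name,
    // and the map of logged-in users that each realm instance keeps.
    static final class Realm {
        final String external, internal;
        final Map<String, String> loggedIn = new ConcurrentHashMap<>();
        Realm(String external, String internal) { this.external = external; this.internal = internal; }
    }

    // Problem 2 in the report: every app builds its own realm, last to start wins.
    static final Map<String, Realm> lastWins = new ConcurrentHashMap<>();
    static Realm registerPerApp(String external, String internal) {
        Realm r = new Realm(external, internal);
        lastWins.put(external, r);
        return r;
    }

    // One realm per external name, created by the first app that names an internal realm.
    static final Map<String, Realm> shared = new ConcurrentHashMap<>();
    static Realm acquire(String external, String internal) {
        if (internal == null) {
            Realm r = shared.get(external);
            // Assumption: fail at lookup instead of returning null (problem 1's later NPE).
            if (r == null) throw new IllegalStateException("no realm for " + external);
            return r;
        }
        Realm r = shared.computeIfAbsent(external, k -> new Realm(k, internal));
        // Assumption: conflicting internal names for one external name are rejected.
        if (!r.internal.equals(internal)) throw new IllegalStateException("realm conflict: " + external);
        return r;
    }

    public static void main(String[] args) {
        Realm a = registerPerApp("demo", "props-realm");   // app A
        registerPerApp("demo", "props-realm");             // app B overwrites A's entry
        a.loggedIn.put("alice", "principal+subject");      // login handled by A
        Realm c = lastWins.get("demo");                    // app C, no internal name
        System.out.println("per-app: C sees alice = " + c.loggedIn.containsKey("alice"));

        Realm sa = acquire("demo", "props-realm");         // app A
        acquire("demo", "props-realm");                    // app B reuses A's instance
        sa.loggedIn.put("alice", "principal+subject");
        Realm sc = acquire("demo", null);                  // app C
        System.out.println("shared:  C sees alice = " + sc.loggedIn.containsKey("alice"));
    }
}
```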

