geronimo-dev mailing list archives

From Jeff Genender <jgenen...@apache.org>
Subject Re: [jira] Closed: (GERONIMO-1463) Tomcat doesn't always get the right servlet name when evaluating isUserInRole
Date Fri, 13 Jan 2006 04:03:04 GMT
Yes it should.  I agree.

John Sisson wrote:
> This sounds like a bug.  Shouldn't it also be fixed in 1.0.1 ?
> 
> John
> 
> David Jencks (JIRA) wrote:
>>      [ http://issues.apache.org/jira/browse/GERONIMO-1463?page=all ]
>>      David Jencks closed GERONIMO-1463:
>> ----------------------------------
>>
>>     Resolution: Fixed
>>
>> Sending       
>> modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
>>
>> Sending       
>> modules/tomcat/src/java/org/apache/geronimo/tomcat/valve/PolicyContextValve.java
>>
>> Transmitting file data ..
>> Committed revision 368536.  
>>  
>>> Tomcat doesn't always get the right servlet name when evaluating
>>> isUserInRole
>>> -----------------------------------------------------------------------------
>>>
>>>
>>>          Key: GERONIMO-1463
>>>          URL: http://issues.apache.org/jira/browse/GERONIMO-1463
>>>      Project: Geronimo
>>>         Type: Bug
>>>   Components: Tomcat
>>>     Versions: 1.1
>>>     Reporter: David Jencks
>>>     Assignee: David Jencks
>>>      Fix For: 1.1
>>>     
>>
>>  
>>> TomcatGeronimoRealm has a complicated way of trying to determine the
>>> servlet name by resolving the context path.  Unfortunately it doesn't
>>> work very well.  However, the servlet name is available from
>>> request.getWrapper.getName().  The wrapper in question wraps the
>>> servlet, not the request, so it should always be available.
>>> In addition, the current code only sets the request on a thread local
>>> when you access a secured page.  However there seems to be agreement
>>> that access to unsecured pages after you have logged on should still
>>> have the Subject available and give "logged in" answers to
>>> isUserInRole.  Therefore we have to set the request when accessing
>>> any page.  Moving the setting to PolicyContextValve should suffice.
>>>     
>>
>>   
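
Added example, not part of the original message and not Geronimo or Tomcat code: a simplified Java model of the behaviour the quoted issue describes, where the request (and with it the servlet name) is put on a thread local for every page rather than only for secured ones. All class, method, servlet and role names are hypothetical, and the role-reference map is constructed sample data.

```java
import java.util.Map;
import java.util.Set;

// Simplified model, not Geronimo or Tomcat source; every name here is hypothetical.
public class RoleContextDemo {
    // Stand-in for the container request: the servlet name comes from the servlet's wrapper.
    record Req(String servletName, Set<String> callerRoles, boolean securedPage) {}

    // Per-servlet role references (servlet name -> role-ref -> real role); constructed sample data.
    static final Map<String, Map<String, String>> ROLE_REFS = Map.of(
        "reports", Map.of("mgr", "manager"),
        "public",  Map.of("mgr", "manager"));

    static final ThreadLocal<Req> CURRENT = new ThreadLocal<>();

    // Stand-in for the realm: resolves the role-ref for the current servlet, then checks the caller.
    static boolean isUserInRole(String roleRef) {
        Req r = CURRENT.get();
        if (r == null) return false;   // no request on the thread: "not logged in" answer
        String role = ROLE_REFS.getOrDefault(r.servletName(), Map.of())
                               .getOrDefault(roleRef, roleRef);
        return r.callerRoles().contains(role);
    }

    // Before: the request is published only when the page is secured.
    static boolean serveOld(Req r, String roleRef) {
        if (r.securedPage()) CURRENT.set(r);
        try { return isUserInRole(roleRef); } finally { CURRENT.remove(); }
    }

    // After: a valve-style wrapper publishes the request for every page and clears it
    // afterwards, so a pooled thread never answers with a previous request's data.
    static boolean serveNew(Req r, String roleRef) {
        CURRENT.set(r);
        try { return isUserInRole(roleRef); } finally { CURRENT.remove(); }
    }

    public static void main(String[] args) {
        // A logged-in caller with the "manager" role requesting an unsecured page.
        Req unsecured = new Req("public", Set.of("manager"), false);
        System.out.println("set only on secured pages: " + serveOld(unsecured, "mgr"));
        System.out.println("set on every page:         " + serveNew(unsecured, "mgr"));
    }
}
```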
