geronimo-dev mailing list archives

From "David Jencks (JIRA)" <...@geronimo.apache.org>
Subject [jira] Closed: (GERONIMO-1012) Tomcat integration does not set a subject in an unsecured web module in a secured ejb application
Date Thu, 05 Jan 2006 09:05:01 GMT
     [ http://issues.apache.org/jira/browse/GERONIMO-1012?page=all ]
     
David Jencks closed GERONIMO-1012:
----------------------------------

    Fix Version: 1.1
                     (was: 1.0-M5)
     Resolution: Fixed

Jeff pointed out how to add the DefaultSubjectValve after the authentication valve.  This
fixes the problems for unauthenticated pages in a secured web app.

Sending        modules/tomcat/src/java/org/apache/geronimo/tomcat/GeronimoStandardContext.java
Transmitting file data .
Committed revision 366121. 

> Tomcat integration does not set a subject in an unsecured web module in a secured ejb application
> -------------------------------------------------------------------------------------------------
>
>          Key: GERONIMO-1012
>          URL: http://issues.apache.org/jira/browse/GERONIMO-1012
>      Project: Geronimo
>         Type: Bug
>   Components: Tomcat
>     Versions: 1.0-M5
>     Reporter: David Jencks
>     Assignee: David Jencks
>      Fix For: 1.1
>
> In the Jetty integration, in SecurityContextBeforeAfter, a request for an unsecured page results in the default subject being set in the ContextManager (line 288). This provides a way to call secured ejbs and also provides a source for credentials for calling secured web services.
> In Tomcat, we don't do anything like that: in particular there is no source of credentials for secured web services.
> I think the simplest solution is, if the app is secured, to add another valve after the standard Tomcat security valve, that sets the default subject into the ContextManager if none is there already.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
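
The valve ordering described in the issue, as an added Java example that is not Geronimo's or Tomcat's code: an authentication valve followed by a valve that installs the default subject only when no caller is set. `CALLER`, `Valve`, `Chain`, `AUTH` and the subject names are stand-ins invented for illustration, and clearing the thread-local in `finally` is an assumption added here so a pooled worker thread does not carry a subject into the next request.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.List;
import javax.security.auth.Subject;

public class DefaultSubjectDemo {
    // Stand-in for a per-thread caller registry like the ContextManager in the issue.
    static final ThreadLocal<Subject> CALLER = new ThreadLocal<>();

    interface Chain { String proceed(String path); }
    interface Valve { String invoke(String path, Chain next); }

    static Subject subject(String name) {
        Subject s = new Subject();
        s.getPrincipals().add((Principal) () -> name);
        return s;
    }

    // Stand-in authentication valve: only paths under /secure/ get a user subject.
    static final Valve AUTH = (path, next) -> {
        if (path.startsWith("/secure/")) CALLER.set(subject("alice"));
        try { return next.proceed(path); } finally { CALLER.remove(); }
    };

    // The proposed valve: placed after authentication, it installs the default
    // subject only when no caller is present, and clears what it installed.
    static Valve defaultSubject(Subject dflt) {
        return (path, next) -> {
            boolean installed = CALLER.get() == null;
            if (installed) CALLER.set(dflt);
            try { return next.proceed(path); } finally { if (installed) CALLER.remove(); }
        };
    }

    // Runs the valves in order, ending in a "servlet" that reports the caller it sees.
    static String handle(List<Valve> valves, int i, String path) {
        if (i == valves.size()) {
            Subject s = CALLER.get();
            return s == null ? "no subject" : s.getPrincipals().iterator().next().getName();
        }
        return valves.get(i).invoke(path, p -> handle(valves, i + 1, p));
    }

    public static void main(String[] args) {
        Valve dflt = defaultSubject(subject("anonymous"));
        System.out.println("auth only,  /public/a -> " + handle(Arrays.asList(AUTH), 0, "/public/a"));
        System.out.println("with valve, /public/a -> " + handle(Arrays.asList(AUTH, dflt), 0, "/public/a"));
        System.out.println("with valve, /secure/a -> " + handle(Arrays.asList(AUTH, dflt), 0, "/secure/a"));
        System.out.println("thread after request  -> " + CALLER.get());
    }
}
```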

