geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ivan (JIRA)" <j...@apache.org>
Subject [jira] Issue Comment Edited: (GERONIMO-4669) EJ B security does not work correctly when no permssion is set and the user does a login
Date Wed, 03 Jun 2009 08:30:07 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-4669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12715863#action_12715863
] 

Ivan edited comment on GERONIMO-4669 at 6/3/09 1:28 AM:
--------------------------------------------------------

Use whether the securityconfiguration exists, not the methodpermissions to decide whether
the contexit is security enabled.
Please help to review it, if no objection, I will commit it. I think if this issue is fixed,
many of the TCK cases would pass ;-)

      was (Author: xuhaihong):
    Use whether the securityconfiguration exists, not the methodpermissions to decide whether
the contexit is security enabled.
Please help to review it, if no object, I will commit it. I think if this issue is fixed,
many of the TCK cases would pass ;-)
  
> EJ B security does not work correctly when no permssion is set and the user does a login
> ----------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-4669
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4669
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: OpenEJB
>    Affects Versions: 2.2
>            Reporter: Ivan
>            Assignee: Ivan
>             Fix For: 2.2
>
>         Attachments: Geronimo-4669.patch
>
>
> Currently, if in the ejb-jar.xml file, not method-permission exists, we will not create
a JACC Manager. But the securityEnabled is always set to true, so while the user login in,
then the access is denied. In the past versions, we always create a JACC Manager even if no
method permisson is set, and in it, all the method invocation permissions are granted. This
issue blocked some EJB TCK testcases, I think.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message