geronimo-dev mailing list archives

From "David Jencks (JIRA)" <j...@apache.org>
Subject [jira] Created: (GERONIMO-4778) Servlet run-as role should apply to a dispatch to another servlet
Date Thu, 30 Jul 2009 22:05:15 GMT
Servlet run-as role should apply to a dispatch to another servlet
-----------------------------------------------------------------

                 Key: GERONIMO-4778
                 URL: https://issues.apache.org/jira/browse/GERONIMO-4778
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: security, web
    Affects Versions: 2.2
            Reporter: David Jencks
            Assignee: David Jencks
             Fix For: 2.2


The servlet spec doesn't say anything about the effect of a run-as role on the target servlet of a dispatch. Some private communication with Ron Monzilla (also on the servlet eg ml) indicates that the best behavior would be that if a servlet A with run-as role R dispatches to another servlet B, B's security decisions (is user in role, mostly, for servlets) be based on role R.

This will require a small modification in jetty, see https://bugs.eclipse.org/bugs/show_bug.cgi?id=285119

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
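
The behavior requested above, as an added example that is not part of the original message and is not Geronimo or Jetty code: a plain-Java toy model of a container dispatch in which servlet A's run-as role R is, or is not, applied to B's isUserInRole check. All class and method names are hypothetical, and two points are assumptions the issue does not state: that R replaces the caller's roles for the check, and that the role is dropped again when the dispatch returns.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Set;

// Toy model of a web container's dispatch path (hypothetical names throughout).
public class RunAsDispatchModel {

    // A deployed servlet: its name and its declared run-as role (null if none).
    record Servlet(String name, String runAs) {}

    // Per-request security state: the caller's roles plus the run-as roles
    // inherited from servlets that dispatched to the one currently running.
    static final class Request {
        final Set<String> callerRoles;
        final Deque<String> inheritedRunAs = new ArrayDeque<>();
        Request(Set<String> callerRoles) { this.callerRoles = callerRoles; }

        // What the currently running servlet gets back from isUserInRole().
        // Assumption: an inherited run-as role replaces the caller's roles.
        boolean isUserInRole(String role) {
            String effective = inheritedRunAs.peek();
            return effective != null ? effective.equals(role) : callerRoles.contains(role);
        }
    }

    // Dispatch from source to target and return the target's isUserInRole(role) answer.
    // propagate=false models a container that ignores the source's run-as role on dispatch.
    static boolean dispatch(Servlet source, Servlet target, Request req,
                            String role, boolean propagate) {
        boolean pushed = propagate && source.runAs() != null;
        if (pushed) req.inheritedRunAs.push(source.runAs());
        try {
            return req.isUserInRole(role);   // stands in for target.service(req, resp)
        } finally {
            // Assumption: the role must not outlive the dispatch, so A's own checks stay caller-based.
            if (pushed) req.inheritedRunAs.pop();
        }
    }

    public static void main(String[] args) {
        Servlet a = new Servlet("A", "R");
        Servlet b = new Servlet("B", null);
        Request req = new Request(Set.of("user"));   // constructed caller: has "user", lacks "R"

        System.out.println("run-as ignored on dispatch, B in R: " + dispatch(a, b, req, "R", false));
        System.out.println("run-as applied on dispatch, B in R: " + dispatch(a, b, req, "R", true));
        System.out.println("after the dispatch returns, A in R: " + req.isUserInRole("R"));
    }
}
```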

