geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ivan (JIRA)" <j...@apache.org>
Subject [jira] Updated: (GERONIMO-4756) jetty 7 ignores default subject settings unless authentication is set up
Date Wed, 22 Jul 2009 03:11:14 GMT

     [ https://issues.apache.org/jira/browse/GERONIMO-4756?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Ivan updated GERONIMO-4756:
---------------------------

    Attachment: Geronimo-4766.patch

The issue is that, while only defaultsubject configurations exist in the plan file, we will
use the NoneAuthenticator, and Jetty's SecurityHandler will not invoke the UserIdentity.associate
method twice due to the return value of the NoneAuthenticator, so I think we need to set the
default subject explicitly in this scenario.
Wish that I did not miss anything, please help to review it, thanks !

> jetty 7 ignores default subject settings unless authentication is set up
> ------------------------------------------------------------------------
>
>                 Key: GERONIMO-4756
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4756
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>    Affects Versions: 2.2
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 2.2
>
>         Attachments: Geronimo-4766.patch
>
>
> Jetty 7 should be setting up security stuff if a <security-realm-name> is definied,
not only if authentication is specifically configured: this will make default subjects work
when no auth is configured.  Should not be a problem for tomcat.... for some reason I found
this problem there already :-)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message