geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jarek Gawor (JIRA)" <j...@apache.org>
Subject [jira] Commented: (GERONIMO-5480) Web security does not work on Equinox
Date Thu, 29 Jul 2010 15:15:16 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-5480?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12893651#action_12893651
] 

Jarek Gawor commented on GERONIMO-5480:
---------------------------------------

Just to provide some more background on this issue. On Felix each bundle gets a ProtectionDomain
with the default permissions. On Equinox each bundle gets a ProtectionDomain with default
permissions + AllPermissions. The ContextManager class (in geronimo-security bundle) sets
up a default Subject (EMPTY). That subject gets the protection domain of the geronimo-security
bundle. During web authentication the different Web*Permissions are checked against the default
subject. Since the subject on Equinox contains AllPermissions all permission requests are
granted and that's why the user is never prompted for username/password info.


> Web security does not work on Equinox
> -------------------------------------
>
>                 Key: GERONIMO-5480
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-5480
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>    Affects Versions: 3.0-M1
>            Reporter: Jarek Gawor
>            Assignee: David Jencks
>             Fix For: 3.0
>
>
> Authentication is not requested when running secure web applications on Geronimo on Equinox.
That is, things behave as the user is already authenticated. This can be easily observed with
the admin console or security-testsuite. Authentication works as expected on Felix.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message