geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jarek Gawor (JIRA)" <>
Subject [jira] Commented: (GERONIMO-5480) Web security does not work on Equinox
Date Fri, 06 Aug 2010 06:06:16 GMT


Jarek Gawor commented on GERONIMO-5480:

After digging through Equinox code I see that PermissionAdmin/ConditionalPermissionAdmin service
is really used when the SecurityManager is enabled. When SecurityManager is not enabled, Equinox
just adds AllPermission permission into the ProtectionDomain for the bundle. As far as I can
tell right now there is no way to configure that default behavior. But there is a way (a hack
really) to prevent Equinox from adding the AllPermission into the ProtectionDomain. That can
be done via Equinox ClassLoadingHook. 

> Web security does not work on Equinox
> -------------------------------------
>                 Key: GERONIMO-5480
>                 URL:
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>    Affects Versions: 3.0-M1
>            Reporter: Jarek Gawor
>            Assignee: David Jencks
>             Fix For: 3.0
> Authentication is not requested when running secure web applications on Geronimo on Equinox.
That is, things behave as the user is already authenticated. This can be easily observed with
the admin console or security-testsuite. Authentication works as expected on Felix.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message