geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <>
Subject [jira] Updated: (GERONIMO-5468) Support authenticate/login/logout methods in the HttpServletRequest interface
Date Tue, 14 Sep 2010 00:58:33 GMT


David Jencks updated GERONIMO-5468:

    Attachment: GERONIMO-5468-tomcat-original.diff

I'm attaching 3 patches.  Two are for tomcat to fix what I think is a bad separation of concerns
for the request.login method.  One of these is for our tomcat fork, the other for tomcat trunk.
(the same changes in each).  The third patch is for the geronimo tomcat plugin to use the
proposed tomcat changes.

In any case, one problem with the first patch is that the new security valve authenticate
method must say that auth is mandatory.  The request already got to the user's code, so by
the declarative security, auth is not mandatory.  However the user code is requesting authentication,
so we have to force it to happen.

Please review! thanks

> Support authenticate/login/logout methods in the HttpServletRequest interface
> -----------------------------------------------------------------------------
>                 Key: GERONIMO-5468
>                 URL:
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: Tomcat
>    Affects Versions: 3.0-M1, 3.0
>            Reporter: Ivan
>            Assignee: Han Hong Fang
>             Fix For: 3.0
>         Attachments: GERONIMO-5468-geronimo-2.diff, GERONIMO-5468-tomcat-fork.diff, GERONIMO-5468-tomcat-original.diff,
> In Servlet 3.0, authenticate/login/logout methods are added in the HttpServletRequest
interface, we need to support them in Geronimo's way.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message