Return-Path: Delivered-To: apmail-geronimo-dev-archive@www.apache.org Received: (qmail 39749 invoked from network); 14 Sep 2010 00:58:54 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 14 Sep 2010 00:58:54 -0000 Received: (qmail 62961 invoked by uid 500); 14 Sep 2010 00:58:54 -0000 Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org Received: (qmail 62906 invoked by uid 500); 14 Sep 2010 00:58:53 -0000 Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list dev@geronimo.apache.org Received: (qmail 62899 invoked by uid 99); 14 Sep 2010 00:58:53 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 14 Sep 2010 00:58:53 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.22] (HELO thor.apache.org) (140.211.11.22) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 14 Sep 2010 00:58:53 +0000 Received: from thor (localhost [127.0.0.1]) by thor.apache.org (8.13.8+Sun/8.13.8) with ESMTP id o8E0wX70008090 for ; Tue, 14 Sep 2010 00:58:33 GMT Message-ID: <20449492.168831284425913053.JavaMail.jira@thor> Date: Mon, 13 Sep 2010 20:58:33 -0400 (EDT) From: "David Jencks (JIRA)" To: dev@geronimo.apache.org Subject: [jira] Updated: (GERONIMO-5468) Support authenticate/login/logout methods in the HttpServletRequest interface In-Reply-To: <17796764.577291280117989319.JavaMail.jira@thor> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/GERONIMO-5468?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David Jencks updated GERONIMO-5468: ----------------------------------- Attachment: GERONIMO-5468-tomcat-original.diff GERONIMO-5468-tomcat-fork.diff GERONIMO-5468-geronimo-2.diff I'm attaching 3 patches. Two are for tomcat to fix what I think is a bad separation of concerns for the request.login method. One of these is for our tomcat fork, the other for tomcat trunk. (the same changes in each). The third patch is for the geronimo tomcat plugin to use the proposed tomcat changes. In any case, one problem with the first patch is that the new security valve authenticate method must say that auth is mandatory. The request already got to the user's code, so by the declarative security, auth is not mandatory. However the user code is requesting authentication, so we have to force it to happen. Please review! thanks > Support authenticate/login/logout methods in the HttpServletRequest interface > ----------------------------------------------------------------------------- > > Key: GERONIMO-5468 > URL: https://issues.apache.org/jira/browse/GERONIMO-5468 > Project: Geronimo > Issue Type: Bug > Security Level: public(Regular issues) > Components: Tomcat > Affects Versions: 3.0-M1, 3.0 > Reporter: Ivan > Assignee: Han Hong Fang > Fix For: 3.0 > > Attachments: GERONIMO-5468-geronimo-2.diff, GERONIMO-5468-tomcat-fork.diff, GERONIMO-5468-tomcat-original.diff, GERONIMO-5468.patch > > > In Servlet 3.0, authenticate/login/logout methods are added in the HttpServletRequest interface, we need to support them in Geronimo's way. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.