geronimo-user mailing list archives

From Aman Nanner/MxI Technologies <aman.nan...@mxi.com>
Subject Geronimo role security
Date Wed, 18 Jul 2007 02:55:23 GMT

Hi,

I'm using the latest Geronimo 2.0 snapshot from the codebase.  I understand
that security has changed somewhat from Geronimo 1.2.  I'm running into an
issue where I have a JSP with a specific "run-as" role calling a secured
EJB.  This JSP has its run-as role defined in the web.xml as follows:

----
   <servlet>
      <servlet-name>MessagePage</servlet-name>
      <jsp-file>/common/Message.jsp</jsp-file>
      <run-as>
         <role-name>TESTSYSTEM</role-name>
      </run-as>
   </servlet>
----


 I have a default run-as role mapped in my geronimo-application.xml in my
EAR as follows:

----
   <security:security>
      <security:default-principal>
         <security:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
                             name="" />
      </security:default-principal>
      <security:role-mappings>
         <security:role role-name="TESTSYSTEM">
            <security:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
                                name="test-system" designated-run-as="true" />
         </security:role>
      </security:role-mappings>
   </security:security>
----

This used to work in Geronimo 1.2, but it appears now that the JSP does not
run with the run-as principal; rather it seems that it runs with no
principals.  Therefore, the call to the secured EJB causes a security
access exception.  Is this supposed to work the same way in Geronimo 2.0?
If so, then maybe this is a problem in Tomcat ....

Thanks,
Aman

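An added configuration check, not from the post or from Geronimo itself: it parses a web.xml and the geronimo-application.xml security block and lists every servlet whose run-as role has no role mapping carrying a principal with designated-run-as="true". The sample documents are constructed from the post's snippets plus a second servlet (ReportPage) mapped without a designated principal so the check has something to report; the security namespace URI is a placeholder since the post omits it. The post's own TESTSYSTEM mapping passes this check, so it rules out that class of misconfiguration before looking at the container.

```python
"""Check that every servlet run-as role has a designated run-as principal."""
import xml.etree.ElementTree as ET

# Constructed sample: the post's servlet plus ReportPage, whose role is mapped
# below without designated-run-as="true" so the check has something to report.
WEB_XML = """<web-app>
  <servlet><servlet-name>MessagePage</servlet-name><jsp-file>/common/Message.jsp</jsp-file>
    <run-as><role-name>TESTSYSTEM</role-name></run-as></servlet>
  <servlet><servlet-name>ReportPage</servlet-name><jsp-file>/common/Report.jsp</jsp-file>
    <run-as><role-name>REPORTING</role-name></run-as></servlet>
</web-app>"""
# Constructed sample mirroring the post's role mapping; the namespace URI is a
# placeholder (the post omits it) and the check matches on local tag names only.
PRINCIPAL = "org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
GERONIMO_XML = f"""<application xmlns:security="urn:placeholder:geronimo-security">
  <security:security><security:role-mappings>
    <security:role role-name="TESTSYSTEM">
      <security:principal class="{PRINCIPAL}" name="test-system" designated-run-as="true"/>
    </security:role>
    <security:role role-name="REPORTING">
      <security:principal class="{PRINCIPAL}" name="reporter"/>
    </security:role>
  </security:role-mappings></security:security>
</application>"""

def _strip_ns(root):
    """Drop {namespace} prefixes so elements can be matched by local tag name."""
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root

def run_as_roles(web_xml):
    """Map servlet-name -> run-as role-name for every servlet that declares run-as."""
    root = _strip_ns(ET.fromstring(web_xml))
    return {s.findtext("servlet-name").strip(): s.findtext("run-as/role-name").strip()
            for s in root.iter("servlet")
            if s.findtext("servlet-name") and s.find("run-as/role-name") is not None}

def designated_run_as(geronimo_xml):
    """Map role-name -> principal name for roles carrying designated-run-as="true"."""
    root = _strip_ns(ET.fromstring(geronimo_xml))
    return {role.get("role-name"): p.get("name")
            for role in root.iter("role")
            for p in role.iter("principal") if p.get("designated-run-as") == "true"}

def unmapped_run_as(web_xml, geronimo_xml):
    """Servlets whose run-as role has no designated run-as principal mapped."""
    designated = designated_run_as(geronimo_xml)
    return sorted(n for n, r in run_as_roles(web_xml).items() if r not in designated)

if __name__ == "__main__":
    print("run-as roles lacking a designated principal:", unmapped_run_as(WEB_XML, GERONIMO_XML))
```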

