tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 21795] - j_security_check isn't fed through filters
Date Wed, 27 Aug 2003 00:52:28 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21795>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21795

j_security_check isn't fed through filters





------- Additional Comments From funkman@joedog.org  2003-08-27 00:52 -------
I received a clarification from Yutaka Yoshida (lead for the 2.4 spec) with this
clarification: 

"In regards to this issue, servlet EG had a consensus that Filter must not be
applied for j_security_check. We believe the application component should not be
involved in the container-managed security. Although we understand why people
are using filter to manipulate the authentication mechanism, it doesn't solve
all issues related to the security and must be addressed in a larger scope of
the portable authentication mechanism, which I expect to have in the next
version of the specification. "

Mime
View raw message