[OPENEJB-1120] TomcatSecurityService should grant the guest role when no user is logged in - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.1.2
Fix Version/s: 3.1.3
Component/s: tomee
Labels:
None
Environment:
Linux 64 bits, Java 6u16

Description

The default SecurityService returns in getLogicalRoles the name of principals when the logical roles matches their names.
TomcatSecurityService, however, overrides this method, interpreting his own principal classes: TomcatUser and RunAsRole, and does not follow the default behavior of SecurityService.
It should interpret any principal, as SecurityService does, granting matching names for logical roles / principal.getName().
There is an old mailing list thread which covers the subject: http://old.nabble.com/Unauthenticated-principal-td21012809.html

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

TomcatSecurityService_DefaultRole.patch
16/Dec/09 17:36
1.0 kB
Luis Fernando Planella Gonzalez

Activity

People

Assignee:: Jean-Louis Monteiro

Reporter:: Luis Fernando Planella Gonzalez

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 16/Dec/09 17:33

Updated:: 23/Dec/09 15:12

Resolved:: 23/Dec/09 15:12