  1. OpenEJB
  2. OPENEJB-1120

TomcatSecurityService should grant the guest role when no user is logged in


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.2
    • Fix Version/s: 3.1.3
    • Component/s: tomee
    • Labels:
      None
    • Environment:
      Linux 64 bits, Java 6u16

      Description

      The default SecurityService returns, in getLogicalRoles, the names of principals when the logical roles match their names.
      TomcatSecurityService, however, overrides this method, interpreting its own principal classes: TomcatUser and RunAsRole, and does not follow the default behavior of SecurityService.
      It should interpret any principal, as SecurityService does, granting matching names for logical roles / principal.getName().
      There is an old mailing list thread which covers the subject: http://old.nabble.com/Unauthenticated-principal-td21012809.html
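
A simplified model of the behaviour described above, as an added example that is not OpenEJB code and not the attached patch. `ContainerUser`, `GuestPrincipal` and the method names `byName` and `byKnownType` are hypothetical stand-ins, the role data is constructed, and the code assumes Java 16 or later.

```java
import java.security.Principal;
import java.util.LinkedHashSet;
import java.util.Set;

public class LogicalRolesDemo {
    // Hypothetical stand-ins, not OpenEJB or Tomcat classes.
    record ContainerUser(String name, Set<String> realmRoles) implements Principal {
        public String getName() { return name; }
    }
    record GuestPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // Name-based resolution: any principal whose name equals a logical role grants it.
    static Set<String> byName(Principal[] principals, Set<String> logicalRoles) {
        Set<String> granted = new LinkedHashSet<>();
        for (Principal p : principals) {
            if (logicalRoles.contains(p.getName())) granted.add(p.getName());
        }
        return granted;
    }

    // Type-restricted resolution: only a recognised principal class is consulted,
    // so every other principal in the subject is silently ignored.
    static Set<String> byKnownType(Principal[] principals, Set<String> logicalRoles) {
        Set<String> granted = new LinkedHashSet<>();
        for (Principal p : principals) {
            if (p instanceof ContainerUser u) {
                for (String role : logicalRoles) {
                    if (u.realmRoles().contains(role)) granted.add(role);
                }
            }
        }
        return granted;
    }

    public static void main(String[] args) {
        Set<String> logicalRoles = Set.of("guest", "admin");  // constructed sample
        Principal[] anonymous = { new GuestPrincipal("guest") };
        Principal[] alice = { new ContainerUser("alice", Set.of("admin")) };

        // The guest principal is lost by the type-restricted resolver only.
        if (!byKnownType(anonymous, logicalRoles).isEmpty()) throw new AssertionError();
        if (!byName(anonymous, logicalRoles).equals(Set.of("guest"))) throw new AssertionError();
        if (!byKnownType(alice, logicalRoles).equals(Set.of("admin"))) throw new AssertionError();
        System.out.println("anonymous, by type: " + byKnownType(anonymous, logicalRoles));
        System.out.println("anonymous, by name: " + byName(anonymous, logicalRoles));
    }
}
```

Name-based matching trusts whatever `getName()` returns, so it is only sound when every principal in the subject was placed there by a trusted login module.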

        Attachments

        1. TomcatSecurityService_DefaultRole.patch
          1.0 kB
          Luis Fernando Planella Gonzalez

          Activity

            People

            • Assignee:
              jlmonteiro Jean-Louis MONTEIRO
              Reporter:
              luisfpg Luis Fernando Planella Gonzalez
            • Votes: 0
              Watchers: 1

              Dates

              • Created:
                Updated:
                Resolved: