OpenEJB / OPENEJB-1120

TomcatSecurityService should grant the guest role when no user is logged in

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.2
    • Fix Version/s: 3.1.3
    • Component/s: tomee
    • Labels:
      None
    • Environment:
      Linux 64 bits, Java 6u16

      Description

      The default SecurityService returns in getLogicalRoles the names of principals when the logical roles match their names.
      TomcatSecurityService, however, overrides this method, interpreting its own principal classes, TomcatUser and RunAsRole, and does not follow the default behavior of SecurityService.
      It should interpret any principal, as SecurityService does, granting matching names for logical roles / principal.getName().
      There is an old mailing list thread which covers the subject: http://old.nabble.com/Unauthenticated-principal-td21012809.html

      1. TomcatSecurityService_DefaultRole.patch
        1.0 kB
        Luis Fernando Planella Gonzalez
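
The role-resolution difference described above, as an added sketch that is not OpenEJB's code or the attached patch. ContainerUser, NamedPrincipal, the nameFallback switch and the principal name "guest" are hypothetical stand-ins; the real TomcatUser and RunAsRole handling is not reproduced.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;

public class LogicalRolesSketch {
    // Hypothetical stand-in for a container-specific principal whose roles come from a realm.
    static final class ContainerUser implements Principal {
        private final String name;
        private final Set<String> realmRoles;
        ContainerUser(String name, String... realmRoles) {
            this.name = name;
            this.realmRoles = new LinkedHashSet<String>(Arrays.asList(realmRoles));
        }
        public String getName() { return name; }
        boolean hasRole(String role) { return realmRoles.contains(role); }
    }

    // Principal of an "unknown" type, such as the one present when no user is logged in (assumed).
    static final class NamedPrincipal implements Principal {
        private final String name;
        NamedPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }

    // nameFallback=false: only known principal types are interpreted (behaviour reported in the issue).
    // nameFallback=true: other principals get the logical role equal to their name (requested behaviour).
    static Set<String> getLogicalRoles(Principal[] principals, Set<String> logicalRoles, boolean nameFallback) {
        Set<String> granted = new LinkedHashSet<String>();
        for (String role : logicalRoles) {
            for (Principal p : principals) {
                if (p instanceof ContainerUser) {
                    if (((ContainerUser) p).hasRole(role)) granted.add(role);
                } else if (nameFallback && role.equals(p.getName())) {
                    granted.add(role);
                }
            }
        }
        return granted;
    }

    public static void main(String[] args) {
        Set<String> declared = new LinkedHashSet<String>(Arrays.asList("guest", "admin"));
        Principal[] anonymous = { new NamedPrincipal("guest") };      // constructed sample input
        Principal[] loggedIn = { new ContainerUser("alice", "admin") }; // constructed sample input
        System.out.println("anonymous, no fallback:   " + getLogicalRoles(anonymous, declared, false));
        System.out.println("anonymous, with fallback: " + getLogicalRoles(anonymous, declared, true));
        System.out.println("logged in, with fallback: " + getLogicalRoles(loggedIn, declared, true));
    }
}
```

The fallback compares names only, so any principal of an unrecognized type whose getName() equals a declared logical role is granted that role; a deployment should check that the name given to the unauthenticated principal matches only the role it is meant to carry.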

        Activity

        Luis Fernando Planella Gonzalez added a comment -

        Patch to follow the same behavior as SecurityService when the principal is of an "unknown" type

        Jean-Louis MONTEIRO added a comment -

        Committed revision 893523.
        Thanks Luis!


          People

          • Assignee:
            Jean-Louis MONTEIRO
            Reporter:
            Luis Fernando Planella Gonzalez