OpenEJB / OPENEJB-1120

TomcatSecurityService should grant the guest role when no user is logged in

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.2
    • Fix Version/s: 3.1.3
    • Component/s: tomee
    • Labels:
      None
    • Environment:
      Linux 64 bits, Java 6u16

      Description

      The default SecurityService returns in getLogicalRoles the names of principals when the logical roles match their names.
      TomcatSecurityService, however, overrides this method, interpreting its own principal classes: TomcatUser and RunAsRole, and does not follow the default behavior of SecurityService.
      It should interpret any principal, as SecurityService does, granting matching names for logical roles / principal.getName().
      There is an old mailing list thread which covers the subject: http://old.nabble.com/Unauthenticated-principal-td21012809.html

      1. TomcatSecurityService_DefaultRole.patch
        1.0 kB
        Luis Fernando Planella Gonzalez
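
The difference the report describes, modelled as an added example (this is not OpenEJB code and not the attached patch). The principal types are hypothetical stand-ins, the "guest" principal carried by an unauthenticated caller is an assumption taken from the issue title, and Java 16+ is assumed for records.

```java
import java.security.Principal;
import java.util.LinkedHashSet;
import java.util.Set;

public class LogicalRolesDemo {
    // Hypothetical stand-ins for the container-specific principal types named in the report.
    record TomcatUser(String name, Set<String> realmRoles) implements Principal {
        public String getName() { return name; }
    }
    record RunAsRole(String name) implements Principal {
        public String getName() { return name; }
    }
    // Any other principal type, such as one carried by an unauthenticated caller (assumption).
    record OtherPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // Reported behaviour: only the two container-specific principal types are interpreted.
    static Set<String> typeRestricted(Principal[] principals, Set<String> logicalRoles) {
        Set<String> granted = new LinkedHashSet<>();
        for (Principal p : principals) {
            if (p instanceof TomcatUser user) {
                user.realmRoles().stream().filter(logicalRoles::contains).forEach(granted::add);
            } else if (p instanceof RunAsRole runAs && logicalRoles.contains(runAs.getName())) {
                granted.add(runAs.getName());
            }
        }
        return granted;
    }

    // Requested behaviour: any principal whose name equals a logical role also grants that role.
    static Set<String> nameMatching(Principal[] principals, Set<String> logicalRoles) {
        Set<String> granted = typeRestricted(principals, logicalRoles);
        for (Principal p : principals) {
            if (logicalRoles.contains(p.getName())) granted.add(p.getName());
        }
        return granted;
    }

    public static void main(String[] args) {
        Set<String> logicalRoles = Set.of("guest", "manager");
        // Constructed inputs: a caller with no login, and a logged-in user with a realm role.
        Principal[] anonymous = { new OtherPrincipal("guest") };
        Principal[] alice = { new TomcatUser("alice", Set.of("manager")) };
        System.out.println("type-restricted, anonymous: " + typeRestricted(anonymous, logicalRoles));
        System.out.println("name-matching, anonymous:   " + nameMatching(anonymous, logicalRoles));
        System.out.println("type-restricted, alice:     " + typeRestricted(alice, logicalRoles));
        System.out.println("name-matching, alice:       " + nameMatching(alice, logicalRoles));
    }
}
```

Since the comparison is on names alone, principal names and logical role names share one namespace under the name-matching behaviour.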


          People

          • Assignee:
            Jean-Louis MONTEIRO
          • Reporter:
            Luis Fernando Planella Gonzalez
          • Votes:
            0
          • Watchers:
            1
