[prev in list] [next in list] [prev in thread] [next in thread]
List: geronimo-dev
Subject: [jira] Closed: (GERONIMO-4778) Servlet run-as role should apply to
From: "David Jencks (JIRA)" <jira () apache ! org>
Date: 2009-07-31 23:56:14
Message-ID: 1720245732.1249084574879.JavaMail.jira () brutus
[Download RAW message or body]
[ https://issues.apache.org/jira/browse/GERONIMO-4778?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]
David Jencks closed GERONIMO-4778.
----------------------------------
Resolution: Fixed
Jetty issue now resolved, will be in 7.0.0.RC3-SNAPSHOT and following.
> Servlet run-as role should apply to a dispatch to another servlet
> -----------------------------------------------------------------
>
> Key: GERONIMO-4778
> URL: https://issues.apache.org/jira/browse/GERONIMO-4778
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security, web
> Affects Versions: 2.2
> Reporter: David Jencks
> Assignee: David Jencks
> Fix For: 2.2
>
>
> The servlet spec doesn't say anything about the effect of a run-as role on the \
> target servlet of a dispatch. Some private communication with Ron Monzilla (also \
> on the servlet eg ml) indicates that the best behavior would be that if a servlet A \
> with run-as role R dispatches to another servlet B, B's security decisions (is user \
> in role, mostly, for servlets) be based on role R. This will require a small \
> modification in jetty, see https://bugs.eclipse.org/bugs/show_bug.cgi?id=285119
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic