[prev in list] [next in list] [prev in thread] [next in thread] 

List:       geronimo-dev
Subject:    [jira] Closed: (GERONIMO-4778) Servlet run-as role should apply to
From:       "David Jencks (JIRA)" <jira () apache ! org>
Date:       2009-07-31 23:56:14
Message-ID: 1720245732.1249084574879.JavaMail.jira () brutus
[Download RAW message or body]


     [ https://issues.apache.org/jira/browse/GERONIMO-4778?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]

David Jencks closed GERONIMO-4778.
----------------------------------

    Resolution: Fixed

Jetty issue now resolved, will be in 7.0.0.RC3-SNAPSHOT and following.

> Servlet run-as role should apply to a dispatch to another servlet
> -----------------------------------------------------------------
> 
> Key: GERONIMO-4778
> URL: https://issues.apache.org/jira/browse/GERONIMO-4778
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues) 
> Components: security, web
> Affects Versions: 2.2
> Reporter: David Jencks
> Assignee: David Jencks
> Fix For: 2.2
> 
> 
> The servlet spec doesn't say anything about the effect of a run-as role on the \
> target servlet of a dispatch.  Some private communication with Ron Monzilla (also \
> on the servlet eg ml) indicates that the best behavior would be that if a servlet A \
> with run-as role R dispatches to another servlet B, B's security decisions (is user \
> in role, mostly, for servlets) be based on role R. This will require a small \
> modification in jetty, see https://bugs.eclipse.org/bugs/show_bug.cgi?id=285119

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


[prev in list] [next in list] [prev in thread] [next in thread]