Servlet run-as role should apply to a dispatch to another servlet
-----------------------------------------------------------------

                 Key: GERONIMO-4778
                 URL: https://issues.apache.org/jira/browse/GERONIMO-4778
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: security, web
    Affects Versions: 2.2
            Reporter: David Jencks
            Assignee: David Jencks
             Fix For: 2.2


The servlet spec doesn't say anything about the effect of a run-as role on the 
target servlet of a dispatch.  Some private communication with Ron Monzilla 
(also on the servlet eg ml) indicates that the best behavior would be that if a 
servlet A with run-as role R dispatches to another servlet B, B's security 
decisions (is user in role, mostly, for servlets) be based on role R.

This will require a small modification in Jetty; see 
https://bugs.eclipse.org/bugs/show_bug.cgi?id=285119

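The behavior proposed above, as an added toy model that is not part of the original issue and is not Geronimo or Jetty code. The class, the invoke() helper, the servlet names and the caller's role "user" are hypothetical, and the model assumes the run-as role replaces the caller's roles for the dispatch target.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Map;
import java.util.Set;

// Added illustration: a toy model of run-as propagation across a dispatch.
// All names here are hypothetical; this is not Geronimo or Jetty code.
public class RunAsDispatchModel {
    // Servlet name -> run-as role declared in its descriptor (absent means none).
    static final Map<String, String> RUN_AS = Map.of("A", "R");
    // Servlet name -> servlet it dispatches to (absent means it does not dispatch).
    static final Map<String, String> DISPATCHES_TO = Map.of("A", "B");

    // Role sets in effect; the top entry answers isUserInRole for the running servlet.
    static final Deque<Set<String>> effectiveRoles = new ArrayDeque<>();

    static boolean isUserInRole(String role) {
        return effectiveRoles.peek().contains(role);
    }

    // Invoke `servlet`, report whether it sees `role`, then dispatch onward with
    // the servlet's run-as role (if any) replacing the roles seen by the target.
    static void invoke(String servlet, String role) {
        System.out.println(servlet + ": isUserInRole(" + role + ") = " + isUserInRole(role));
        String target = DISPATCHES_TO.get(servlet);
        if (target == null) return;
        String runAs = RUN_AS.get(servlet);
        // Assumption: with a run-as role, the target sees only that role.
        Set<String> forTarget = runAs != null ? Set.of(runAs) : effectiveRoles.peek();
        effectiveRoles.push(forTarget);
        try {
            invoke(target, role);
        } finally {
            effectiveRoles.pop(); // restore the dispatcher's own view, even on exceptions
        }
    }

    public static void main(String[] args) {
        effectiveRoles.push(Set.of("user")); // constructed caller with role "user" only
        invoke("A", "R"); // A is checked against the caller's roles, B against A's run-as role
        System.out.println("after dispatch: isUserInRole(R) = " + isUserInRole("R"));
    }
}
```

The pop in the finally block is the part a container has to get right: if the run-as identity is not restored when the dispatch returns or throws, role R leaks into later checks made on the same thread.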