[
https://issues.apache.org/jira/browse/GERONIMO-4778?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12737326#action_12737326
]
David Jencks commented on GERONIMO-4778:
----------------------------------------
Geronimo parts implemented rev 799456. Leaving open until jetty issue is
resolved: before this we will see a testsuite failure in
enterprise-testsuite/sec-tests testForwardRunAsServlet
> Servlet run-as role should apply to a dispatch to another servlet
> -----------------------------------------------------------------
>
> Key: GERONIMO-4778
> URL: https://issues.apache.org/jira/browse/GERONIMO-4778
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security, web
> Affects Versions: 2.2
> Reporter: David Jencks
> Assignee: David Jencks
> Fix For: 2.2
>
>
> The servlet spec doesn't say anything about the effect of a run-as role on
> the target servlet of a dispatch. Some private communication with Ron
> Monzilla (also on the servlet eg ml) indicates that the best behavior would
> be that if a servlet A with run-as role R dispatches to another servlet B,
> B's security decisions (is user in role, mostly, for servlets) be based on
> role R.
> This will require a small modification in jetty, see
> https://bugs.eclipse.org/bugs/show_bug.cgi?id=285119
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
