[
https://issues.apache.org/jira/browse/GERONIMO-5480?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12895962#action_12895962
]
Jarek Gawor commented on GERONIMO-5480:
---------------------------------------
After digging through Equinox code I see that
PermissionAdmin/ConditionalPermissionAdmin service is really used when the
SecurityManager is enabled. When SecurityManager is not enabled, Equinox just
adds AllPermission permission into the ProtectionDomain for the bundle. As far
as I can tell right now there is no way to configure that default behavior. But
there is a way (a hack really) to prevent Equinox from adding the AllPermission
into the ProtectionDomain. That can be done via Equinox ClassLoadingHook.
> Web security does not work on Equinox
> -------------------------------------
>
> Key: GERONIMO-5480
> URL: https://issues.apache.org/jira/browse/GERONIMO-5480
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Affects Versions: 3.0-M1
> Reporter: Jarek Gawor
> Assignee: David Jencks
> Fix For: 3.0
>
>
> Authentication is not requested when running secure web applications on
> Geronimo on Equinox. That is, things behave as the user is already
> authenticated. This can be easily observed with the admin console or
> security-testsuite. Authentication works as expected on Felix.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
