Tomcat doesn't always get the right servlet name when evaluating isUserInRole
-----------------------------------------------------------------------------
Key: GERONIMO-1463
URL: http://issues.apache.org/jira/browse/GERONIMO-1463
Project: Geronimo
Type: Bug
Components: Tomcat
Versions: 1.1
Reporter: David Jencks
Assigned to: David Jencks
Fix For: 1.1

TomcatGeronimoRealm has a complicated way of trying to determine the servlet
name by resolving the context path. Unfortunately it doesn't work very well.
However, the servlet name is available from request.getWrapper().getName(). The
wrapper in question wraps the servlet, not the request, so it should always be
available.

In addition, the current code only sets the request on a thread local when you
access a secured page. However, there seems to be agreement that access to
unsecured pages after you have logged on should still have the Subject
available and give "logged in" answers to isUserInRole. Therefore we have to
set the request when accessing any page. Moving the setting to
PolicyContextValve should suffice.
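
Added example, not code from the issue or from Geronimo: a simplified, dependency-free Java model of the two behaviours described above. It shows why isUserInRole needs the servlet name (role refs are declared per servlet) and why the request must be put on the thread local for every page, not only secured ones. All class, field and method names are hypothetical, and the servletName field stands in for request.getWrapper().getName().

```java
import java.util.Map;
import java.util.Set;

// Simplified model, not Geronimo or Tomcat code: every type and name here is hypothetical.
public class RoleRefModel {
    // Stand-in for a request; servletName plays the part of request.getWrapper().getName().
    record Request(String servletName, boolean securedPage, Set<String> subjectRoles) {}

    // Per-servlet <security-role-ref> mappings: role name used in code -> linked role.
    static final Map<String, Map<String, String>> ROLE_REFS = Map.of(
            "report", Map.of("mgr", "manager"),
            "status", Map.<String, String>of());

    static final ThreadLocal<Request> CURRENT = new ThreadLocal<>();

    // Stand-in for the realm check behind isUserInRole: it needs the current
    // request to learn which servlet's role refs apply.
    static boolean isUserInRole(String roleName) {
        Request request = CURRENT.get();
        if (request == null) {
            return false; // no request on the thread, so the caller looks logged out
        }
        Map<String, String> refs = ROLE_REFS.getOrDefault(request.servletName(), Map.of());
        String linked = refs.getOrDefault(roleName, roleName); // no ref: use the name as given
        return request.subjectRoles().contains(linked);
    }

    // Runs one request through a model "valve". setOnEveryPage=false stores the request
    // only for secured pages (the reported behaviour); true stores it for any page.
    static boolean handle(Request request, boolean setOnEveryPage, String roleName) {
        if (setOnEveryPage || request.securedPage()) {
            CURRENT.set(request);
        }
        try {
            return isUserInRole(roleName);
        } finally {
            CURRENT.remove(); // do not leak the request to the next user of a pooled thread
        }
    }

    public static void main(String[] args) {
        Set<String> roles = Set.of("manager"); // constructed sample: an already logged-in user
        Request secured = new Request("report", true, roles);
        Request unsecured = new Request("report", false, roles);
        Request otherServlet = new Request("status", false, roles);
        System.out.println("secured page, secured-only: " + handle(secured, false, "mgr"));
        System.out.println("unsecured page, secured-only: " + handle(unsecured, false, "mgr"));
        System.out.println("unsecured page, every page: " + handle(unsecured, true, "mgr"));
        System.out.println("servlet without the role ref: " + handle(otherServlet, true, "mgr"));
    }
}
```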