[ http://issues.apache.org/jira/browse/GERONIMO-1463?page=all ] David Jencks closed GERONIMO-1463: ----------------------------------
Resolution: Fixed Sending modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java Sending modules/tomcat/src/java/org/apache/geronimo/tomcat/valve/PolicyContextValve.java Transmitting file data .. Committed revision 368536. > Tomcat doesn't always get the right servlet name when evaluating isUserInRole > ----------------------------------------------------------------------------- > > Key: GERONIMO-1463 > URL: http://issues.apache.org/jira/browse/GERONIMO-1463 > Project: Geronimo > Type: Bug > Components: Tomcat > Versions: 1.1 > Reporter: David Jencks > Assignee: David Jencks > Fix For: 1.1 > > TomcatGeronimoRealm has a complicated way of trying to determine the servlet > name by resolving the context path. Unfortunately it doesn't work very well. > However, the servlet name is available from request.getWrapper.getName(). > The wrapper in question wraps the servlet, not the request, so it should > always be available. > In addition, the current code only sets the request on a thread local when > you access a secured page. However there seems to be agreement that access > to unsecured pages after you have logged on should still have the Subject > available and give "logged in" answers to isUserInRole. Therefore we have to > set the request when accessing any page. Moving the setting to > PolicycontextValve should suffice. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira