This sounds like a bug. Shouldn't it also be fixed in 1.0.1 ?
John David Jencks (JIRA) wrote:
[ http://issues.apache.org/jira/browse/GERONIMO-1463?page=all ]David Jencks closed GERONIMO-1463:---------------------------------- Resolution: Fixed Sending modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java Sending modules/tomcat/src/java/org/apache/geronimo/tomcat/valve/PolicyContextValve.java Transmitting file data ..Committed revision 368536.Tomcat doesn't always get the right servlet name when evaluating isUserInRole ----------------------------------------------------------------------------- Key: GERONIMO-1463 URL: http://issues.apache.org/jira/browse/GERONIMO-1463 Project: Geronimo Type: Bug Components: Tomcat Versions: 1.1 Reporter: David Jencks Assignee: David Jencks Fix For: 1.1TomcatGeronimoRealm has a complicated way of trying to determine the servlet name by resolving the context path. Unfortunately it doesn't work very well. However, the servlet name is available from request.getWrapper.getName(). The wrapper in question wraps the servlet, not the request, so it should always be available. In addition, the current code only sets the request on a thread local when you access a secured page. However there seems to be agreement that access to unsecured pages after you have logged on should still have the Subject available and give "logged in" answers to isUserInRole. Therefore we have to set the request when accessing any page. Moving the setting to PolicycontextValve should suffice.
