Yes it should. I agree.
John Sisson wrote:
> This sounds like a bug. Shouldn't it also be fixed in 1.0.1?
>
> John
>
> David Jencks (JIRA) wrote:
>> [ http://issues.apache.org/jira/browse/GERONIMO-1463?page=all ]
>> David Jencks closed GERONIMO-1463:
>> ----------------------------------
>>
>> Resolution: Fixed
>>
>> Sending modules/tomcat/src/java/org/apache/geronimo/tomcat/realm/TomcatGeronimoRealm.java
>>
>> Sending modules/tomcat/src/java/org/apache/geronimo/tomcat/valve/PolicyContextValve.java
>>
>> Transmitting file data ..
>> Committed revision 368536.
>>
>>> Tomcat doesn't always get the right servlet name when evaluating isUserInRole
>>> -----------------------------------------------------------------------------
>>>
>>> Key: GERONIMO-1463
>>> URL: http://issues.apache.org/jira/browse/GERONIMO-1463
>>> Project: Geronimo
>>> Type: Bug
>>> Components: Tomcat
>>> Versions: 1.1
>>> Reporter: David Jencks
>>> Assignee: David Jencks
>>> Fix For: 1.1
>>>
>>> TomcatGeronimoRealm has a complicated way of trying to determine the
>>> servlet name by resolving the context path. Unfortunately it doesn't
>>> work very well. However, the servlet name is available from
>>> request.getWrapper.getName(). The wrapper in question wraps the
>>> servlet, not the request, so it should always be available.
>>> In addition, the current code only sets the request on a thread local
>>> when you access a secured page. However there seems to be agreement
>>> that access to unsecured pages after you have logged on should still
>>> have the Subject available and give "logged in" answers to
>>> isUserInRole. Therefore we have to set the request when accessing
>>> any page. Moving the setting to PolicyContextValve should suffice.
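
The thread-local behaviour described in the quoted issue, as an added example that is not part of this thread and is not Geronimo code. It is a simplified model: every class, method and table name is hypothetical, the role-reference data is constructed, and clearing the thread local in `finally` is an assumption of this sketch rather than something the issue states.

```java
import java.util.Map;
import java.util.Set;

// Added illustration, not Geronimo code; all names are hypothetical. Needs Java 16+ (records).
public class RoleCheckDemo {
    record Request(String servletName, boolean securedPage, Set<String> userRoles) {}

    // Stand-in for the thread local that the realm reads during isUserInRole.
    static final ThreadLocal<Request> CURRENT = new ThreadLocal<>();

    // Constructed role-reference table: servlet name -> (role reference -> granted role).
    static final Map<String, Map<String, String>> ROLE_REFS = Map.of(
        "ReportServlet", Map.of("mgr", "manager"),
        "HomeServlet", Map.of("mgr", "manager"));

    // Realm side: the answer depends on the servlet name and on a request
    // being visible on the current thread.
    static boolean isUserInRole(String roleRef) {
        Request r = CURRENT.get();
        if (r == null) return false; // nothing published: the user looks "not logged in"
        String role = ROLE_REFS.getOrDefault(r.servletName(), Map.of()).get(roleRef);
        return role != null && r.userRoles().contains(role);
    }

    // Behaviour the issue reports: request published only for secured pages.
    static boolean securedOnly(Request r, String roleRef) {
        if (r.securedPage()) CURRENT.set(r);
        try { return isUserInRole(roleRef); } finally { CURRENT.remove(); }
    }

    // Behaviour the issue asks for: request published for every page.
    // Assumption of this sketch: it is cleared so pooled threads carry no stale request.
    static boolean everyRequest(Request r, String roleRef) {
        CURRENT.set(r);
        try { return isUserInRole(roleRef); } finally { CURRENT.remove(); }
    }

    public static void main(String[] args) {
        Set<String> roles = Set.of("manager"); // constructed: the user logged on earlier
        Request securedReq = new Request("ReportServlet", true, roles);
        Request openReq = new Request("HomeServlet", false, roles);
        Request unknown = new Request("WrongName", true, roles); // mis-resolved servlet name

        System.out.println("secured page, secured-only:   " + securedOnly(securedReq, "mgr"));
        System.out.println("unsecured page, secured-only: " + securedOnly(openReq, "mgr"));
        System.out.println("unsecured page, every page:   " + everyRequest(openReq, "mgr"));
        System.out.println("wrong servlet name:           " + everyRequest(unknown, "mgr"));
    }
}
```

The second line of output is the "logged in but answered as anonymous" case on an unsecured page; the last line shows why a mis-resolved servlet name also yields a wrong role answer.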
