ejb apps with spec security constraints should only deploy if there are
corresponding geronimo security constraints, as with web apps
-------------------------------------------------------------------------------------------------------------------------------------
Key: GERONIMO-4521
URL: https://issues.apache.org/jira/browse/GERONIMO-4521
Project: Geronimo
Issue Type: Improvement
Security Level: public (Regular issues)
Components: deployment, OpenEJB
Affects Versions: 2.1.3, 2.1.4, 2.2
Reporter: David Jencks
Assignee: David Jencks
Fix For: 2.1.4, 2.2
for quite a while we have only allowed you to deploy a web app with security
constraints if you also supply a geronimo security configuration; otherwise you
get no security constraints at all. We should be doing the same for ejb apps.
While this may be inconvenient for those who want to try deploying an app
without completing the configuration, the alternative is to give the impression
that the deployed app is enforcing the security constraints -- which it is not.
I suppose an alternative might be to figure out a way to deploy and just forbid
access to any resources that are constrained.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
