[
https://issues.apache.org/jira/browse/GERONIMO-4521?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Jencks closed GERONIMO-4521.
----------------------------------
Resolution: Fixed
trunk rev 736874
branches/2.1 rev 736877
> ejb apps with spec security constraints should only deploy if there are
> corresponding geronimo security constraints, as with web apps
> -------------------------------------------------------------------------------------------------------------------------------------
>
> Key: GERONIMO-4521
> URL: https://issues.apache.org/jira/browse/GERONIMO-4521
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: deployment, OpenEJB
> Affects Versions: 2.1.3, 2.1.4, 2.2
> Reporter: David Jencks
> Assignee: David Jencks
> Fix For: 2.1.4, 2.2
>
>
> for quite a while we have only allowed you to deploy a web app with security
> constraints if you also supply a geronimo security configuration; otherwise
> you get no security constraints at all. We should be doing the same for ejb
> apps. While this may be inconvenient for those who want to try deploying an
> app without completing the configuration, the alternative is to give the
> impression that the deployed app is enforcing the security constraints --
> which it is not.
> I suppose an alternative might be to figure out a way to deploy and just
> forbid access to any resources that are constrained.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
