[
https://issues.apache.org/jira/browse/GERONIMO-4669?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ivan updated GERONIMO-4669:
---------------------------
Attachment: Geronimo-4669.patch
Use whether the securityconfiguration exists, not the methodpermissions to
decide whether the contexit is security enabled.
Please help to review it, if no object, I will commit it. I think if this issue
is fixed, many of the TCK cases would pass ;-)
> EJ B security does not work correctly when no permssion is set and the user
> does a login
> ----------------------------------------------------------------------------------------
>
> Key: GERONIMO-4669
> URL: https://issues.apache.org/jira/browse/GERONIMO-4669
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: OpenEJB
> Affects Versions: 2.2
> Reporter: Ivan
> Assignee: Ivan
> Fix For: 2.2
>
> Attachments: Geronimo-4669.patch
>
>
> Currently, if in the ejb-jar.xml file, not method-permission exists, we will
> not create a JACC Manager. But the securityEnabled is always set to true, so
> while the user login in, then the access is denied. In the past versions, we
> always create a JACC Manager even if no method permisson is set, and in it,
> all the method invocation permissions are granted. This issue blocked some
> EJB TCK testcases, I think.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
