[ https://issues.apache.org/jira/browse/GERONIMO-5480?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12893651#action_12893651 ]
Jarek Gawor commented on GERONIMO-5480:
---------------------------------------

Just to provide some more background on this issue.

On Felix each bundle gets a ProtectionDomain with the default permissions. On Equinox each bundle gets a ProtectionDomain with default permissions + AllPermissions.

The ContextManager class (in geronimo-security bundle) sets up a default Subject (EMPTY). That subject gets the protection domain of the geronimo-security bundle. During web authentication the different Web*Permissions are checked against the default subject. Since the subject on Equinox contains AllPermissions all permission requests are granted and that's why the user is never prompted for username/password info.

> Web security does not work on Equinox
> -------------------------------------
>
> Key: GERONIMO-5480
> URL: https://issues.apache.org/jira/browse/GERONIMO-5480
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Affects Versions: 3.0-M1
> Reporter: Jarek Gawor
> Assignee: David Jencks
> Fix For: 3.0
>
>
> Authentication is not requested when running secure web applications on
> Geronimo on Equinox. That is, things behave as if the user is already
> authenticated. This can be easily observed with the admin console or
> security-testsuite. Authentication works as expected on Felix.
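
The mechanism described in the comment above, as an added example that is not part of the original message and is not Geronimo's code: a JDK-only model of a web permission check made against the protection domain carried by the unauthenticated default subject. `WebPermissionStandIn`, `bundleDomain` and `loginRequired` are hypothetical names, and the "default permissions" are assumed to be an empty set for the purposes of the model.

```java
import java.security.AllPermission;
import java.security.BasicPermission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.ProtectionDomain;

public class DefaultSubjectDomainDemo {

    // Hypothetical stand-in for a JACC Web*Permission, so only the JDK is needed.
    static final class WebPermissionStandIn extends BasicPermission {
        private static final long serialVersionUID = 1L;
        WebPermissionStandIn(String urlPattern) { super(urlPattern); }
    }

    // Model of a bundle's ProtectionDomain with a fixed (static) permission set.
    // Assumption: no CodeSource is needed for the check, so null is passed.
    static ProtectionDomain bundleDomain(PermissionCollection perms) {
        return new ProtectionDomain(null, perms);
    }

    // A login prompt is only triggered when the domain attached to the
    // unauthenticated default subject does NOT imply the web permission.
    static boolean loginRequired(ProtectionDomain defaultSubjectDomain, String url) {
        return !defaultSubjectDomain.implies(new WebPermissionStandIn(url));
    }

    public static void main(String[] args) {
        // Felix-like: default permissions only (modelled as empty here).
        PermissionCollection felixPerms = new Permissions();

        // Equinox-like: default permissions + AllPermission.
        PermissionCollection equinoxPerms = new Permissions();
        equinoxPerms.add(new AllPermission());

        String url = "/console/secure"; // constructed sample path

        System.out.println("Felix-like domain, login required:   "
                + loginRequired(bundleDomain(felixPerms), url));
        System.out.println("Equinox-like domain, login required: "
                + loginRequired(bundleDomain(equinoxPerms), url));

        // Diagnostic: a domain that implies AllPermission makes every
        // permission check against it succeed, whatever is requested.
        System.out.println("Equinox-like domain implies AllPermission: "
                + bundleDomain(equinoxPerms).implies(new AllPermission()));
    }
}
```

The same `implies(new AllPermission())` check can be run against a real bundle's protection domain to tell whether permission checks made through it can ever deny anything.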