[ https://issues.apache.org/jira/browse/GERONIMO-5480?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12893651#action_12893651 ]

Jarek Gawor commented on GERONIMO-5480:
---------------------------------------

Just to provide some more background on this issue. On Felix each bundle gets a 
ProtectionDomain with the default permissions. On Equinox each bundle gets a 
ProtectionDomain with default permissions + AllPermissions. The ContextManager 
class (in geronimo-security bundle) sets up a default Subject (EMPTY). That 
subject gets the protection domain of the geronimo-security bundle. During web 
authentication the different Web*Permissions are checked against the default 
subject. Since the subject on Equinox contains AllPermissions all permission 
requests are granted and that's why the user is never prompted for 
username/password info.


> Web security does not work on Equinox
> -------------------------------------
>
>                 Key: GERONIMO-5480
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-5480
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>    Affects Versions: 3.0-M1
>            Reporter: Jarek Gawor
>            Assignee: David Jencks
>             Fix For: 3.0
>
>
> Authentication is not requested when running secure web applications on 
> Geronimo on Equinox. That is, things behave as if the user is already 
> authenticated. This can be easily observed with the admin console or 
> security-testsuite. Authentication works as expected on Felix.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
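
Added example (not part of the JIRA comment and not Geronimo code): a JDK-only sketch of the behaviour described in the comment above, where the default subject's ProtectionDomain either holds only default permissions or additionally holds AllPermission. `DemoWebPermission`, `loginRequired` and `grantsEverything` are hypothetical names, and the login decision is a simplified model of the Web*Permission check.

```java
import java.security.AllPermission;
import java.security.BasicPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

public class DefaultSubjectDomainDemo {

    // Hypothetical stand-in for a Web*Permission, so the example needs only the JDK.
    static final class DemoWebPermission extends BasicPermission {
        DemoWebPermission(String urlPattern) { super(urlPattern); }
    }

    // Domain with static permissions only: implies() consults just this collection.
    static ProtectionDomain domain(Permission... granted) {
        Permissions perms = new Permissions();
        for (Permission p : granted) perms.add(p);
        return new ProtectionDomain(new CodeSource(null, (Certificate[]) null), perms);
    }

    // Simplified model (assumption): a login is requested only when the
    // unauthenticated default subject's domain does not imply the permission.
    static boolean loginRequired(ProtectionDomain defaultSubjectDomain, Permission needed) {
        return !defaultSubjectDomain.implies(needed);
    }

    // Sanity check a container could run at startup: the default subject's
    // domain must never imply AllPermission, or every web check passes.
    static boolean grantsEverything(ProtectionDomain defaultSubjectDomain) {
        return defaultSubjectDomain.implies(new AllPermission());
    }

    public static void main(String[] args) {
        Permission needed = new DemoWebPermission("/console/secure"); // constructed sample
        ProtectionDomain defaultOnly = domain();                        // Felix-like case
        ProtectionDomain withAll = domain(new AllPermission());         // Equinox-like case

        System.out.println("default permissions only: loginRequired="
                + loginRequired(defaultOnly, needed)
                + " grantsEverything=" + grantsEverything(defaultOnly));
        System.out.println("default + AllPermission:  loginRequired="
                + loginRequired(withAll, needed)
                + " grantsEverything=" + grantsEverything(withAll));
    }
}
```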