[
https://issues.apache.org/jira/browse/GERONIMO-5468?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Jencks updated GERONIMO-5468:
-----------------------------------
Attachment: GERONIMO-5468-tomcat-original.diff
GERONIMO-5468-tomcat-fork.diff
GERONIMO-5468-geronimo-2.diff
I'm attaching 3 patches. Two are for tomcat to fix what I think is a bad
separation of concerns for the request.login method. One of these is for our
tomcat fork, the other for tomcat trunk. (the same changes in each). The third
patch is for the geronimo tomcat plugin to use the proposed tomcat changes.
In any case, one problem with the first patch is that the new security valve
authenticate method must say that auth is mandatory. The request already got
to the user's code, so by the declarative security, auth is not mandatory.
However the user code is requesting authentication, so we have to force it to
happen.
Please review! thanks
> Support authenticate/login/logout methods in the HttpServletRequest interface
> -----------------------------------------------------------------------------
>
> Key: GERONIMO-5468
> URL: https://issues.apache.org/jira/browse/GERONIMO-5468
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 3.0-M1, 3.0
> Reporter: Ivan
> Assignee: Han Hong Fang
> Fix For: 3.0
>
> Attachments: GERONIMO-5468-geronimo-2.diff,
> GERONIMO-5468-tomcat-fork.diff, GERONIMO-5468-tomcat-original.diff,
> GERONIMO-5468.patch
>
>
> In Servlet 3.0, authenticate/login/logout methods are added in the
> HttpServletRequest interface, we need to support them in Geronimo's way.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
