Hi Jean.
Yes, it's almost the same thing.
First, sorry, I didn't remember I had already created an issue before.
In the first issue (984) I had posted the workaround I'm using until the proper 
fix is done.
The second one (1120) contains the patch to fix it.
There is however a minor thing: In our system, we've named the "guest" role as 
"public", so in the workaround the "public" role is being granted.
With the patch in 1120, the role name will always be "guest" (I can search / 
replace in our code, no problem).
David even mentioned that it would be possible to add a configuration in the 
SecurityService to change that name, but it's not really necessary for me.
Again, sorry. You may close the first one as duplicate if you want...

Luis Fernando Planella Gonzalez


On Wednesday, 23 December 2009, at 08:05:43, Jean-Louis MONTEIRO wrote:
> 
> Hi Luis,
> 
> I've noticed two related issues:
> https://issues.apache.org/jira/browse/OPENEJB-984
> https://issues.apache.org/jira/browse/OPENEJB-1120
> 
> It seems to me, the fix is the same.
> Is that right?
> Did I misunderstand something?
> 
> Jean-Louis
> 
> 
> 
> Luis F. Planella Gonzalez wrote:
> > 
> > TomcatSecurityService overrides SecurityService's getLogicalRoles() method
> > to handle its known principal types: TomcatUser and RunAsRole.
> > However, it ignores other principals. The default behavior of
> > SecurityService is to grant roles when the principal name matches the
> > logical role name.
> > In practice, this will allow TomcatSecurityService to grant the "guest"
> > role when no user is logged in.
> > 
> > I've created https://issues.apache.org/jira/browse/OPENEJB-1120 with a
> > patch to fix it.
> > 
> > There is also an old thread where I had already discussed this subject
> > with David:
> > http://old.nabble.com/Unauthenticated-principal-td21012809.html
> > However, here I've applied the sentence: "enough talking, show me the
> > code" ;)
> > 
> > Luis Fernando Planella Gonzalez
> > 
> > 
> 
> 
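
The role resolution described in the quoted message, as an added example that is not part of the thread and not OpenEJB source. It is a simplified model: the record types, the `tomcatRoles` method and its `fallBack` flag are hypothetical, and it assumes the fix amounts to falling back to name matching for unrecognised principals (the actual patch in OPENEJB-1120 is not shown on this page). Requires Java 16 or later.

```java
import java.security.Principal;
import java.util.LinkedHashSet;
import java.util.Set;

// Simplified model of the behaviour discussed in the thread; not OpenEJB code.
public class LogicalRolesDemo {
    // Hypothetical stand-ins for the principal types named in the message.
    record TomcatUser(String name, Set<String> realmRoles) implements Principal {
        public String getName() { return name; }
    }
    record RunAsRole(String name) implements Principal {
        public String getName() { return name; }
    }
    // Any principal type the Tomcat-specific code does not know about.
    record OtherPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // fallBack=false: only the two known types are handled, others are ignored.
    // fallBack=true: other principals get the default rule, where a role is
    // granted when the principal name equals the logical role name.
    static Set<String> tomcatRoles(Principal[] principals, Set<String> logicalRoles,
                                   boolean fallBack) {
        Set<String> granted = new LinkedHashSet<>();
        for (Principal p : principals) {
            if (p instanceof TomcatUser user) {
                for (String role : logicalRoles) {
                    if (user.realmRoles().contains(role)) granted.add(role);
                }
            } else if (p instanceof RunAsRole runAs) {
                granted.add(runAs.getName());
            } else if (fallBack && logicalRoles.contains(p.getName())) {
                granted.add(p.getName());
            }
        }
        return granted;
    }

    public static void main(String[] args) {
        Set<String> logical = Set.of("guest", "admin");
        // Constructed input: no user logged in, only an unauthenticated "guest" principal.
        Principal[] anonymous = { new OtherPrincipal("guest") };
        System.out.println("ignoring other principals: " + tomcatRoles(anonymous, logical, false));
        System.out.println("with name-match fallback:  " + tomcatRoles(anonymous, logical, true));
    }
}
```

With the fallback enabled, a principal of an unrecognised type is trusted by name alone, so which roles can be reached this way depends on which components are able to create principals.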
