[EMAIL PROTECTED] wrote:
dblevins 2004/02/10 03:06:27
Modified: modules/security/src/java/org/apache/geronimo/security
ContextManager.java
Log:
Modified isCallerInRole and getCallerPrinciple to handle the situation
where the caller is not known, as is the case when the security interceptor
is disabled.
Hey David
I have concerns about disabling the security interceptor - isn't that going to leave us wide open?
If we do it, can't we just replace it with a 'null' interceptor that just injects a dummy principal? That way all the downstream code can work as usual and we are less likely to break things like IIOP propagation.
-- Jeremy
