Bugs item #878497, was opened at 2004-01-16 12:05 Message generated for change (Comment added) made by starksm You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=376685&aid=878497&group_id=22866
Category: JBossWeb Group: v3.2 >Status: Closed >Resolution: Duplicate Priority: 5 Submitted By: Aaron Lindsey (alindsey) >Assigned to: Scott M Stark (starksm) Summary: User roles don't propagate to jsps from servlets Initial Comment: When a servlet makes a JMX invocation through the RMI adaptor and then forwards to a jsp, request.isUserInRole() always returns false. If the same invocation is done directly through the MBean server, request.isUserInRole() behaves as expected. If request.isUserInRole() is called from within the servlet, it returns the correct value. This doesn't happen for the 3.0 series with any version of Tomcat. It does happen for the 3.2 series through the latest in CVS. This is running on Linux with JDK 1.4.1. I'm attaching an ear file that can demonstrate the problem. It contains a simple servlet and jmx service. The servlet is protected with basic authentication in the "other" security domain. To run the test, there must be a user to log in as in the "other" domain that gets the role "USER". When that's configured, you can deploy the ear file and point a browser at: http://host:port/roletest/test.do?method=server This will hit the servlet, make a jmx invocation through the MBean server and forward to the jsp. The following url will invoke through the RMI adaptor. http://host:port/roletest/test.do?method=adaptor Source is contained in the ear file. Aaron ---------------------------------------------------------------------- >Comment By: Scott M Stark (starksm) Date: 2004-01-19 07:53 Message: Logged In: YES user_id=175228 This is a duplicate of 835112. The RMIAdaptor in 3.2.3 sets and clears the thread association security context based on the requesting security context. The RMIAdaptor is intended for external clients, no in-vm clients that need access to the MBeanServer. This should be done directly through the MBeanServer. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=376685&aid=878497&group_id=22866 ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ JBoss-Development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
