[
https://issues.apache.org/jira/browse/GERONIMO-5468?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Jencks updated GERONIMO-5468:
---
Attachment: GERONIMO-5468-tomcat-original.diff
GERONIMO-5468-tomcat-fork.diff
GERONIMO-5468-geronimo-2.diff
I'm attaching 3 patches. Two are for tomcat to fix what I think is a bad
separation of concerns for the request.login method. One of these is for our
tomcat fork, the other for tomcat trunk. (the same changes in each). The third
patch is for the geronimo tomcat plugin to use the proposed tomcat changes.
In any case, one problem with the first patch is that the new security valve
authenticate method must say that auth is mandatory. The request already got
to the user's code, so by the declarative security, auth is not mandatory.
However the user code is requesting authentication, so we have to force it to
happen.
Please review! thanks
Support authenticate/login/logout methods in the HttpServletRequest interface
-
Key: GERONIMO-5468
URL: https://issues.apache.org/jira/browse/GERONIMO-5468
Project: Geronimo
Issue Type: Bug
Security Level: public(Regular issues)
Components: Tomcat
Affects Versions: 3.0-M1, 3.0
Reporter: Ivan
Assignee: Han Hong Fang
Fix For: 3.0
Attachments: GERONIMO-5468-geronimo-2.diff,
GERONIMO-5468-tomcat-fork.diff, GERONIMO-5468-tomcat-original.diff,
GERONIMO-5468.patch
In Servlet 3.0, authenticate/login/logout methods are added in the
HttpServletRequest interface, we need to support them in Geronimo's way.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.