On Aug 13, 2007, at 9:27 PM, David Jencks wrote:
I think I've fixed GERONIMO-3404 and GERONIMO-3406 in trunk, rev 565599. It might be a good idea for this to get a review before we port it to branches/2.0 and possibly branches/2.0.x.
I'm looking things over now... May take me a bit... Easy to get this logic a bit twisted...
I haven't decided how to fix GERONIMO-3407 yet, and could be talked out of it for 2.0.1. The problem would manifest itself as geronimo not working if anyone tried to use a login module with REQUISITE or (I think) SUFFICIENT flags. I don't think there's any security exposure, it just that you effectively couldn't log in with such a login configuration.
Hmm. I was thinking the big issue was with the SUFFICIENT flag -- if a SUFFICIENT LoginModule succeeds, authentication does not proceed down the chain of LoginModules. Thus the SubjectLoginRegistrationModule might not be invoked.
Likewise, if a REQUISITE LoginModule fails, the SubjectLoginRegistrationModule wouldn't be invoked. Since the login won't succeed, this doesn't seem like a big issue. Am I missing something?
On a completely unrelated issue I can't build modules/geronimo-axis- builder in trunk as part of the main build, I get a complaint from javac. I don't have problems building it by itself. Anyone else see this?
I'm not having a problem... --kevan
