[jira] Commented: (GERONIMO-4756) jetty 7 ignores default subject settings unless authentication is set up

Thu, 23 Jul 2009 03:57:44 -0700 

    [ 
https://issues.apache.org/jira/browse/GERONIMO-4756?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12734550#action_12734550
 ] 

Trygve Hardersen commented on GERONIMO-4756:
--------------------------------------------

Please feel free to do whatever you like with the sample project, nice that 
it's useful. I think I uploaded it under the ASF license.

The behavior you're describing sound correct. For the non-authenticated the 
user has to specify their name using the "name" parameter in the request, or 
they will be greeted as "null". I was getting EJBAccessExceptions. Has your fix 
been made available somewhere? I'd love to test it.

When trying to build the web-plugin project with the ServerAuthModule enable, 
which does not do anything useful it must be said, I get ClassNotFoundException 
for no.jotta.jgs.web.DummyServerAuthModule. I tried to put it in both the 
web-classes and realm-classes projects. When I add a direct dependency between 
the web-plugin and web-classes projects, web-plugin won't start because the 
ejb-classes EJB archive cannot be found in the local Maven repository. Here 
Geronimo is searching for a ".ejb" file, but the file is named ".jar". This 
might have to do with the way I've packaged the EAR and CAR, not sure.

Thanks for looking at this so quickly.

> jetty 7 ignores default subject settings unless authentication is set up
> ------------------------------------------------------------------------
>
>                 Key: GERONIMO-4756
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4756
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>    Affects Versions: 2.2
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 2.2
>
>         Attachments: Geronimo-4766.patch, jgs.tar.gz
>
>
> Jetty 7 should be setting up security stuff if a <security-realm-name> is 
> definied, not only if authentication is specifically configured: this will 
> make default subjects work when no auth is configured.  Should not be a 
> problem for tomcat.... for some reason I found this problem there already :-)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to