0003501: Login/Authenticator (and Principal) Roles Ingored

Viewing Issue Advanced Details [ Jump to Notes ]

[ View Simple ] [ Issue History ] [ Print ]

Category

Severity

Reproducibility

Date Submitted

Last Update

0003501

[Resin]

block

always

05-12-09 12:35

08-25-09 16:29

Reporter

skot

View Status

public

Assigned To

ferg

Priority

normal

Resolution

fixed

Platform

Status

closed

Projection

none

OS Version

ETA

none

Fixed in Version

4.0.2

Product Version

4.0.1

Product Build

Summary

0003501: Login/Authenticator (and Principal) Roles Ingored

Description

If you call request.isUserInRole from a JSP the Login/Authenticator and Principal (CachingPrincipal as an example) roles are ignored.

Take a look at AbstractHttpRequest.java:1863 at the isUserInRole(String) method. See how it never grabs the Authenticator or Login classes to check for roles like the SecurityContext(line:109) does.

Steps To Reproduce

Additional Information

These seems like two different code path with considerably different results and that the request code should do what the SecurityContext code does, first.

Attached Files

Relationships

Notes
(0004006) skot 05-12-09 16:32	This seems to be a problem with the webapp being null and not checking the Login.

(0004042) ferg 05-27-09 15:47	I'm confused. How is the webapp null if you're in a JSP file?

(0004157) ferg 08-25-09 16:29	server/1a39

Issue History
Date Modified	Username	Field	Change
05-12-09 12:35	skot	New Issue
05-12-09 16:32	skot	Note Added: 0004006
05-27-09 15:47	ferg	Note Added: 0004042
08-25-09 16:29	ferg	Note Added: 0004157
08-25-09 16:29	ferg	Assigned To	=> ferg
08-25-09 16:29	ferg	Status	new => closed
08-25-09 16:29	ferg	Resolution	open => fixed
08-25-09 16:29	ferg	Fixed in Version	=> 4.0.2

Mantis 1.0.0rc3[^]

33 total queries executed.
28 unique queries executed.