Mantis Bugtracker
  

Viewing Issue Simple Details Jump to Notes ] View Advanced ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0003501 [Resin] block always 05-12-09 12:35 08-25-09 16:29
Reporter skot View Status public  
Assigned To ferg
Priority normal Resolution fixed  
Status closed   Product Version 4.0.1
Summary 0003501: Login/Authenticator (and Principal) Roles Ingored
Description If you call request.isUserInRole from a JSP the Login/Authenticator and Principal (CachingPrincipal as an example) roles are ignored.

Take a look at AbstractHttpRequest.java:1863 at the isUserInRole(String) method. See how it never grabs the Authenticator or Login classes to check for roles like the SecurityContext(line:109) does.
Additional Information These seems like two different code path with considerably different results and that the request code should do what the SecurityContext code does, first.
Attached Files

- Relationships

- Notes
(0004006)
skot
05-12-09 16:32

This seems to be a problem with the webapp being null and not checking the Login.
 
(0004042)
ferg
05-27-09 15:47

I'm confused. How is the webapp null if you're in a JSP file?
 
(0004157)
ferg
08-25-09 16:29

server/1a39
 

- Issue History
Date Modified Username Field Change
05-12-09 12:35 skot New Issue
05-12-09 16:32 skot Note Added: 0004006
05-27-09 15:47 ferg Note Added: 0004042
08-25-09 16:29 ferg Note Added: 0004157
08-25-09 16:29 ferg Assigned To  => ferg
08-25-09 16:29 ferg Status new => closed
08-25-09 16:29 ferg Resolution open => fixed
08-25-09 16:29 ferg Fixed in Version  => 4.0.2


Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
33 total queries executed.
28 unique queries executed.
Powered by Mantis Bugtracker