|
Mantis - Resin
|
|
Viewing Issue Advanced Details |
|
|
ID:
|
Category:
|
Severity:
|
Reproducibility:
|
Date Submitted:
|
Last Update:
|
|
3501 |
|
block |
always |
05-12-09 12:35 |
08-25-09 16:29 |
|
|
Reporter:
|
skot |
Platform:
|
|
|
|
Assigned To:
|
ferg |
OS:
|
|
|
|
Priority:
|
normal |
OS Version:
|
|
|
|
Status:
|
closed |
Product Version:
|
4.0.1 |
|
|
Product Build:
|
|
Resolution:
|
fixed |
|
|
Projection:
|
none |
|
|
|
|
ETA:
|
none |
Fixed in Version:
|
4.0.2 |
|
|
|
Summary:
|
0003501: Login/Authenticator (and Principal) Roles Ingored |
|
Description:
|
If you call request.isUserInRole from a JSP the Login/Authenticator and Principal (CachingPrincipal as an example) roles are ignored.
Take a look at AbstractHttpRequest.java:1863 at the isUserInRole(String) method. See how it never grabs the Authenticator or Login classes to check for roles like the SecurityContext(line:109) does. |
|
Steps To Reproduce:
|
|
|
Additional Information:
|
These seems like two different code path with considerably different results and that the request code should do what the SecurityContext code does, first. |
| Relationships | |
|
Attached Files:
|
|