[jboss-jira] [JBoss JIRA] (WFLY-2854) '**' role incorrectly returns false from isUserInRole when user is authenticated

Friday, 31 January 2014

arjan tijms created WFLY-2854:
---------------------------------

             Summary: '**' role incorrectly returns false from isUserInRole when
user is authenticated
                 Key: WFLY-2854
                 URL: https://issues.jboss.org/browse/WFLY-2854
             Project: WildFly
          Issue Type: Feature Request
      Security Level: Public (Everyone can see)
          Components: Security
    Affects Versions: 8.0.0.CR1
            Reporter: arjan tijms
            Assignee: Darran Lofthouse

When authentication has taken place in a web application such that
{{HttpServletRequest#getUserprincipap}} does not return null, testing for role
'**' using {{HttpServletRequest#isUserInRole}} returns false.

This is not correct. According to Servlet 13.3:

{quote}
{noformat}
If the role-name of the security-role to be tested is “**”, 
and the application has NOT declared an application security-role with 
role-name “**”, isUserInRole must only return true if the user has been
authenticated;
{noformat}
{quote}

This is demonstrated by the following test:

https://github.com/arjantijms/javaee7-samples/blob/master/jacc/contexts/s...

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-jira] [JBoss JIRA] (WFLY-2854) '**' role incorrectly returns false from isUserInRole when user is authenticated