[jboss-jira] [JBoss JIRA] Updated: (JBAS-3045) Security patch for isUserInRole(String) for same principal name
Ryan Campbell (JIRA)
jira-events at jboss.com
Thu Aug 31 00:21:44 EDT 2006
[ http://jira.jboss.com/jira/browse/JBAS-3045?page=all ]
Ryan Campbell updated JBAS-3045:
--------------------------------
Security: Public (was: JBoss Customer)
> Security patch for isUserInRole(String) for same principal name
> ---------------------------------------------------------------
>
> Key: JBAS-3045
> URL: http://jira.jboss.com/jira/browse/JBAS-3045
> Project: JBoss Application Server
> Issue Type: Support Patch
> Security Level: Public(Everyone can see)
> Affects Versions: JBossAS-4.0.3 SP1
> Reporter: Scott M Stark
> Assigned To: Ryan Campbell
> Priority: Critical
>
> As described in JBAS-3043, the JBossSecurityMgrRealm mapping of Principal to GenericPrincipal is not using an application level scope and so if there are multiple web apps with the same principal, but different roles, there is a conflict in the principal to role mapping logic.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list