[jboss-jira] [JBoss JIRA] Commented: (SECURITY-362) Relax WebAuthorizationHelper->CheckResourcePermission callerSubject non-null needs
Anil Saldhana (JIRA)
jira-events at lists.jboss.org
Mon Feb 9 13:35:54 EST 2009
[ https://jira.jboss.org/jira/browse/SECURITY-362?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12451838#action_12451838 ]
Anil Saldhana commented on SECURITY-362:
----------------------------------------
Tomcat AuthenticatorBase can make a callout to the realm with no authentication performed. It does it to determine some of the rules of security constraints that need to be evaluated.
> Relax WebAuthorizationHelper->CheckResourcePermission callerSubject non-null needs
> ----------------------------------------------------------------------------------
>
> Key: SECURITY-362
> URL: https://jira.jboss.org/jira/browse/SECURITY-362
> Project: JBoss Security and Identity Management
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: JBossSX
> Affects Versions: 2.0.2.SP5
> Reporter: Anil Saldhana
> Assignee: Anil Saldhana
> Fix For: 2.0.2.SP6
>
>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list