[jboss-jira] [JBoss JIRA] Commented: (JBWEB-19) Make isUserInRole() and getUserPrincipal() available on unsecured pages
Jeff Schnitzer (JIRA)
jira-events at lists.jboss.org
Fri Feb 5 15:27:19 EST 2010
[ https://jira.jboss.org/jira/browse/JBWEB-19?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12510751#action_12510751 ]
Jeff Schnitzer commented on JBWEB-19:
-------------------------------------
I pretty much single-handedly brought JBoss into Electronic Arts in 2002 (replacing WebLogic) and Kink.com in 2006 (replacing PHP). You've already lost the first one, and you're on the verge of losing the second. Before you piss on someone, you might want to check to see if they are (or were) actual customers first.
> Make isUserInRole() and getUserPrincipal() available on unsecured pages
> -----------------------------------------------------------------------
>
> Key: JBWEB-19
> URL: https://jira.jboss.org/jira/browse/JBWEB-19
> Project: JBoss Web
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: Core
> Environment: Any
> Reporter: Jeff Schnitzer
> Assignee: Remy Maucherat
>
> Currently getUserPrincipal() returns null and ServletRequest.isUserInRole() always returns false on unsecured pages, even after the user has been authenticated.
> It would be much more useful if these always returned proper values. This confusion comes up on the JAAS forums frequently.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list