Details
-
Bug
-
Resolution: Duplicate
-
Major
-
None
-
JBossAS-3.2.6 Final
-
None
Description
SourceForge Submitter: alindsey .
When a servlet makes a JMX invocation through the RMI adaptor
and then forwards to a jsp, request.isUserInRole() always returns
false. If the same invocation is done directly through the MBean
server, request.isUserInRole() behaves as expected. If
request.isUserInRole() is called from within the servlet, it returns
the correct value. This doesn't happen for the 3.0 series with
any version of Tomcat. It does happen for the 3.2 series through
the latest in CVS. This is running on Linux with JDK 1.4.1.
I'm attaching an ear file that can demonstrate the problem. It
contains a simple servlet and jmx service. The servlet is
protected with basic authentication in the "other" security
domain. To run the test, there must be a user to log in as in the
"other" domain that gets the role "USER". When that's
configured, you can deploy the ear file and point a browser at:
http://host:port/roletest/test.do?method=server
This will hit the servlet, make a jmx invocation through the
MBean server and forward to the jsp. The following url will
invoke through the RMI adaptor.
http://host:port/roletest/test.do?method=adaptor
Source is contained in the ear file.
Aaron
