[jira] Created: (GERONIMO-648) EJB web services need user data permissions too

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[jira] Created: (GERONIMO-648) EJB web services need user data permissions too

Development mailing list
EJB web services need user data permissions too
-----------------------------------------------

         Key: GERONIMO-648
         URL: http://issues.apache.org/jira/browse/GERONIMO-648
     Project: Geronimo
        Type: Bug
  Components: webservices  
    Versions: 1.0-M3    
    Reporter: David Jencks
 Assigned to: David Jencks
     Fix For: 1.0-M4


Since ejb web services are not part of a web application, they don't get the user data permissions that a web app does.  Therefore there is no way to specify that ssl/tls or a client certificate is needed.  Also there is no way to specify how to login.  We can add a section to the openejb plan that specifies transport-guarantee and authentication-method just like for a web app.  We might want to consider bringing this up with the appropriate spec committee.

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

Reply | Threaded
Open this post in threaded view
|

[jira] Closed: (GERONIMO-648) EJB web services need user data permissions too

Development mailing list
     [ http://issues.apache.org/jira/browse/GERONIMO-648?page=all ]
     
David Jencks closed GERONIMO-648:
---------------------------------

     Resolution: Fixed
    Fix Version: 1.0-M4

Implemented in rev 170494 and in openejb.  I didn't use UserDataPermissions or a JACC-like approach but just checked the transport and login status directly.

> EJB web services need user data permissions too
> -----------------------------------------------
>
>          Key: GERONIMO-648
>          URL: http://issues.apache.org/jira/browse/GERONIMO-648
>      Project: Geronimo
>         Type: Bug
>   Components: webservices
>     Versions: 1.0-M3
>     Reporter: David Jencks
>     Assignee: David Jencks
>      Fix For: 1.0-M4

>
> Since ejb web services are not part of a web application, they don't get the user data permissions that a web app does.  Therefore there is no way to specify that ssl/tls or a client certificate is needed.  Also there is no way to specify how to login.  We can add a section to the openejb plan that specifies transport-guarantee and authentication-method just like for a web app.  We might want to consider bringing this up with the appropriate spec committee.

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira