servlet-spec
  1. servlet-spec
  2. SERVLET_SPEC-71

Unnecessary new special role name of ** for auth-constraints

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Invalid
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
      None

      Description

      Ideally I would re-open issue #34 but I don't have permission to do that.

      Please clarify the purpose of adding the special role name "*". A role name of "" already indicates that a user with any role can access the protected resource. If a url is protected by a security constraint, a user must be authenticated before their access to it can be determined. Thus, the role name of "" in a security constraint already means "any authenticated user" may access the user protected by it: the new special role name of "*" is unnecessary.

        Activity

        Hide
        Shing Wai Chan added a comment -

        According to JSR 115, "*" means any role defined in the application.
        Now, "**" means any authenticated users.
        The above two concepts are different.

        Show
        Shing Wai Chan added a comment - According to JSR 115, "*" means any role defined in the application. Now, "**" means any authenticated users. The above two concepts are different.
        Hide
        janbartel added a comment -

        Sorry - the wiki markup appears to have messed up the number of stars, making the bug hard to understand.

        In the previous comment, what I am trying to say is that the new role name of "star star" is unnecessary because the existing special role name of "star" means the same thing.

        Show
        janbartel added a comment - Sorry - the wiki markup appears to have messed up the number of stars, making the bug hard to understand. In the previous comment, what I am trying to say is that the new role name of "star star" is unnecessary because the existing special role name of "star" means the same thing.

          People

          • Assignee:
            Shing Wai Chan
            Reporter:
            janbartel
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: