servlet-spec
  1. servlet-spec
  2. SERVLET_SPEC-71

Unnecessary new special role name of ** for auth-constraints

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Invalid
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
      None

      Description

      Ideally I would re-open issue #34 but I don't have permission to do that.

      Please clarify the purpose of adding the special role name "*". A role name of "" already indicates that a user with any role can access the protected resource. If a url is protected by a security constraint, a user must be authenticated before their access to it can be determined. Thus, the role name of "" in a security constraint already means "any authenticated user" may access the user protected by it: the new special role name of "*" is unnecessary.

        Activity

        Hide
        janbartel added a comment -

        Sorry - the wiki markup appears to have messed up the number of stars, making the bug hard to understand.

        In the previous comment, what I am trying to say is that the new role name of "star star" is unnecessary because the existing special role name of "star" means the same thing.

        Show
        janbartel added a comment - Sorry - the wiki markup appears to have messed up the number of stars, making the bug hard to understand. In the previous comment, what I am trying to say is that the new role name of "star star" is unnecessary because the existing special role name of "star" means the same thing.
        Hide
        Shing Wai Chan added a comment -

        According to JSR 115, "*" means any role defined in the application.
        Now, "**" means any authenticated users.
        The above two concepts are different.

        Show
        Shing Wai Chan added a comment - According to JSR 115, "*" means any role defined in the application. Now, "**" means any authenticated users. The above two concepts are different.

          People

          • Assignee:
            Shing Wai Chan
            Reporter:
            janbartel
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: