
[JIRA] Created: (SERVLET_SPEC-34) Auth constraint that requires a valid user, but does not require any particular role

  • From: "elygre (JIRA)" <jira-no-reply@...>
  • To: issues@...
  • Subject: [JIRA] Created: (SERVLET_SPEC-34) Auth constraint that requires a valid user, but does not require any particular role
  • Date: Fri, 16 Mar 2012 11:52:38 +0000 (GMT+00:00)
  • Auto-submitted: auto-generated

Auth constraint that requires a valid user, but does not require any 
particular role
------------------------------------------------------------------------------------

                 Key: SERVLET_SPEC-34
                 URL: http://java.net/jira/browse/SERVLET_SPEC-34
             Project: servlet-spec
          Issue Type: Improvement
            Reporter: elygre


For many applications, it is desirable to have authentication handled by 
the container, while authorization must be handled by the application login. 
In such scenarios, it would be useful to require that a user is logged on, 
without having to specify roles.

There is precedence for this kind of security from other environments:
- In Apache httpd, you can specify "require valid-user" to request 
authentication
- In Google App Engine, you can specify a role name of "*": "If the 
authorization constraint specifies a user role of *, then any users signed in 
with a Google Account can access the URL." 
(http://code.google.com/appengine/docs/java/config/webxml.html#Security_and_Authentication)

Since the last one conflicts with the current spec, maybe something like this 
would work:

{code}<auth-constraint anyAuthenticatedUserAllowed="true" />{code}

{code}
@ServletSecurity(@HttpConstraint(anyAuthenticatedUserAllowed=true))
public class Example4 extends HttpServlet {
}{code}

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://java.net/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
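
The following web.xml is an added illustration and is not part of the original JIRA message. It contrasts the role name "*", which in the servlet spec is shorthand for all roles declared in the deployment descriptor, with the role name "**", which the later Servlet 3.1 specification defines as any authenticated user independent of role. The URL patterns, resource names, role names and realm name are assumptions chosen for the example.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">

  <!-- Case 1: "*" expands to the roles declared in <security-role> below.
       A user who authenticates but holds neither "user" nor "admin"
       is rejected, so this is not "any valid user". -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>declared-roles-only</web-resource-name>
      <url-pattern>/reports/*</url-pattern> <!-- assumed path -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Case 2 (Servlet 3.1 and later): "**" admits any authenticated user,
       with or without a role. The container only authenticates; the
       application makes its own authorization decisions. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>any-authenticated-user</web-resource-name>
      <url-pattern>/app/*</url-pattern> <!-- assumed path -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>**</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Caveat: an <auth-constraint/> with no role-name children denies
       access to everyone; it does not mean "no role required". -->

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>example-realm</realm-name> <!-- assumed realm -->
  </login-config>

  <!-- Roles referenced by "*" in case 1 (assumed names). -->
  <security-role><role-name>user</role-name></security-role>
  <security-role><role-name>admin</role-name></security-role>
</web-app>
```

With case 2, code behind /app/* can rely on request.getUserPrincipal() being non-null and must still enforce its own per-resource authorization checks.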
