Is it Tomcat's Bug or My Mistake

 
Alec Lee
Ranch Hand
Posts: 569
My web.xml is listed below. I tested with Tomcat 5.0.29 and requested /first.jsp. I was prompted with a login prompt and I entered the password for an account with the "admin" role. Unexpectedly, /first.jsp was displayed!!

My understanding is that this should not have happened because I used <auth-constraint /> in my second <security-constraint>. Could anyone help me spot any mistake I may have made?

Thx

<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">
  <!-- security-constraint -->
  <!-- first constraint: /first.jsp, GET and POST, role admin -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>hello</web-resource-name>
      <url-pattern>/first.jsp</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
  <!-- second constraint: same URL and methods, empty auth-constraint -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>ss</web-resource-name>
      <url-pattern>/first.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint />
  </security-constraint>

  <!-- <login-config> -->
  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>
  <!-- <security-role>: one role-name per security-role element -->
  <security-role>
    <role-name>admin</role-name>
  </security-role>
  <security-role>
    <role-name>tomcat</role-name>
  </security-role>
  <!-- <welcome-file-list> -->
  <!-- <filter> -->
</web-app>
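The Servlet 2.4 specification's rule for combining constraints that name the same url-pattern and http-method, applied to the two constraints posted above; this is an added example, not part of the original post and not Tomcat's code. The embedded XML is a constructed, trimmed copy of the posted file, `effective_access`, `ANYONE` and `DENY_ALL` are hypothetical names, and the sketch does not expand the `*` role-name wildcard or merge collections that list no http-method with ones that do.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/j2ee"}

# Constructed sample: the two constraints from the post, trimmed to the
# elements that matter when constraints are combined.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/first.jsp</url-pattern>
      <http-method>GET</http-method><http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/first.jsp</url-pattern>
      <http-method>GET</http-method><http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
</web-app>"""

ANYONE, DENY_ALL = "ANYONE", "DENY_ALL"

def effective_access(web_xml):
    """Map (url-pattern, method) -> DENY_ALL, ANYONE, or a frozenset of roles."""
    seen = {}  # key -> per-constraint role sets (None = no auth-constraint element)
    for sc in ET.fromstring(web_xml).findall("j:security-constraint", NS):
        auth = sc.find("j:auth-constraint", NS)
        roles = None if auth is None else frozenset(
            r.text.strip() for r in auth.findall("j:role-name", NS))
        for wrc in sc.findall("j:web-resource-collection", NS):
            methods = [m.text.strip() for m in wrc.findall("j:http-method", NS)] or ["*"]
            for url in wrc.findall("j:url-pattern", NS):
                for method in methods:
                    seen.setdefault((url.text.strip(), method), []).append(roles)
    result = {}
    for key, role_sets in seen.items():
        if frozenset() in role_sets:   # an auth-constraint naming no roles overrides the rest
            result[key] = DENY_ALL
        elif None in role_sets:        # a constraint without auth-constraint permits everyone
            result[key] = ANYONE
        else:                          # otherwise the named roles are unioned
            result[key] = frozenset().union(*role_sets)
    return result
```

Run over a deployment descriptor, any `DENY_ALL` entry marks a resource that the spec says no authenticated role should reach, which gives a concrete expectation to compare against what the container actually serves.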
 
Sergey Tyulkin
Ranch Hand
Posts: 87
Seems to be a Tomcat bug.
 
Esam Ahmed
Ranch Hand
Posts: 101
How did <role-name> map to the security "realm"?

You might want to add these and see how it behaves:

<tomcat-users>
  <role rolename="admin"/>
  <role rolename="user"/>

  <user username="myName" password="myPassword" roles="admin, user" />
  <user username="yourName" password="yourPassword" roles="admin" />
</tomcat-users>

Esam
[ September 16, 2005: Message edited by: Esam Ahmed ]
 