File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Is it Tomcat's Bug or My Mistake Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Is it Tomcat Watch "Is it Tomcat New topic

Is it Tomcat's Bug or My Mistake

Alec Lee
Ranch Hand

Joined: Jan 28, 2004
Posts: 569
My web.xml is listed below. I tested with tomcat 5.0.29 and requested /first.jsp. I was prompted with a login prompt and I entered the password for an account with "admin" role. Unexpectedly, the /first.jsp was displayed!!

My understanding is that this should not had happen because I used <auth-contraint /> in my second <security-contraint>. Could anyone help me to spot any mistake I may have made.


<web-app xmlns=""
<!-- security-constran -->
<auth-constraint />

<!-- <login-config> -->
<!-- <security-role> -->
<!-- <welcome-file-list> -->
<!-- <filter> -->
Sergey Tyulkin
Ranch Hand

Joined: May 10, 2005
Posts: 87
Seems to be Tomcat bug
Esam Ahmed
Ranch Hand

Joined: Aug 10, 2005
Posts: 101
How did <role-name> map to the security "realm" ?

You might want to add these and see how it behaves:


<role rolename="admin"/>
<role rolename="user"/>

<user username="myName" password="myPassword" roles="admin, user" />
<user username="yourName" password="yourPassword" roles="admin" />


[ September 16, 2005: Message edited by: Esam Ahmed ]

Esam<br />SCJP 1.4, SCWCD 1.4
I agree. Here's the link:
subject: Is it Tomcat's Bug or My Mistake
It's not a secret anymore!