File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

without being defined in a <security-role>

 
sameer khazi
Greenhorn
Posts: 28
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all

kindly help me out in finding out the exact problem with the following error message from the file "catalina" of the Log directory of Tomcat 6.0.18

Mar 8, 2009 7:55:11 AM org.apache.catalina.startup.ContextConfig validateSecurityRoles INFO: WARNING: Security role name private used in an <auth-constraint> without being defined in a <security-role>

Mar 8, 2009 7:55:11 AM org.apache.coyote.http11.Http11AprProtocol start INFO: Starting Coyote HTTP/1.1 on http-80 Mar 8, 2009 7:55:11 AM org.apache.coyote.ajp.AjpAprProtocol start INFO: Starting Coyote AJP/1.3 on ajp-8009 Mar 8, 2009 7:55:11 AM org.apache.catalina.startup.Catalina start INFO: Server startup in 695 ms


 
Ulf Dittmer
Rancher
Pie
Posts: 42966
73
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The message seems very specific and to the point: any role you use in an auth-constraint tag needs to be defined in a security-role tag. You may want to read up on the security-constraint>, auth-constraint and security-role elements of the web.xml file; they're explained in the servlet specification.
 
sameer khazi
Greenhorn
Posts: 28
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi..

Mr Dittmer..

Thank you for you suggestion..

Actually i had not included the <security-role> xml tag in the Application-level "web.xml" file.

i have been able to get the desired out put.

Also need a little bit of clarification on the following..

(1)

<auth-constraint>
<role-name>tomcat</role-name>
</auth-constraint>

.....

</security-constraint>

(2)

<security-role>

<role-name> tomcat</role-name>

<security-role>

....

</web-app>

We place the sub-element i.e. <role-name> under both the <auth-constraint> and also the <security-role> main xml elements.

does the <role-name> under both these Main xml elements server the same purpose. if yes, then why it( <role-name> ) is being placed at two separate places.

i hope i have made my point clear.

Thank you...







 
Ulf Dittmer
Rancher
Pie
Posts: 42966
73
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No, it serves different purposes. Underneath "security-role" it means "I am going to use role XYZ", while underneath security-constraint it means "role X is required to access these URLs". So the difference is like between declaring a variable and using a variable.
 
sameer khazi
Greenhorn
Posts: 28
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi

Thanks Dittmer..

thanks for making the points clear..

 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic