This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
kindly help me out in finding out the exact problem with the following error message from the file "catalina" of the Log directory of Tomcat 6.0.18
Mar 8, 2009 7:55:11 AM org.apache.catalina.startup.ContextConfig validateSecurityRoles INFO: WARNING: Security role name private used in an <auth-constraint> without being defined in a <security-role>
Mar 8, 2009 7:55:11 AM org.apache.coyote.http11.Http11AprProtocol start INFO: Starting Coyote HTTP/1.1 on http-80 Mar 8, 2009 7:55:11 AM org.apache.coyote.ajp.AjpAprProtocol start INFO: Starting Coyote AJP/1.3 on ajp-8009 Mar 8, 2009 7:55:11 AM org.apache.catalina.startup.Catalina start INFO: Server startup in 695 ms
The message seems very specific and to the point: any role you use in an auth-constraint tag needs to be defined in a security-role tag. You may want to read up on the security-constraint>, auth-constraint and security-role elements of the web.xml file; they're explained in the servlet specification.
Joined: Sep 05, 2008
Thank you for you suggestion..
Actually i had not included the <security-role> xml tag in the Application-level "web.xml" file.
i have been able to get the desired out put.
Also need a little bit of clarification on the following..
We place the sub-element i.e. <role-name> under both the <auth-constraint> and also the <security-role> main xml elements.
does the <role-name> under both these Main xml elements server the same purpose. if yes, then why it( <role-name> ) is being placed at two separate places.
i hope i have made my point clear.
Joined: Mar 22, 2005
No, it serves different purposes. Underneath "security-role" it means "I am going to use role XYZ", while underneath security-constraint it means "role X is required to access these URLs". So the difference is like between declaring a variable and using a variable.
Joined: Sep 05, 2008
thanks for making the points clear..
I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link: http://aspose.com
subject: without being defined in a <security-role>