jQuery in Action, 2nd edition*
The moose likes Tomcat and the fly likes without being defined in a <security-role> Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "without being defined in a <security-role>" Watch "without being defined in a <security-role>" New topic
Author

without being defined in a <security-role>

sameer khazi
Greenhorn

Joined: Sep 05, 2008
Posts: 28
Hi all

kindly help me out in finding out the exact problem with the following error message from the file "catalina" of the Log directory of Tomcat 6.0.18

Mar 8, 2009 7:55:11 AM org.apache.catalina.startup.ContextConfig validateSecurityRoles INFO: WARNING: Security role name private used in an <auth-constraint> without being defined in a <security-role>

Mar 8, 2009 7:55:11 AM org.apache.coyote.http11.Http11AprProtocol start INFO: Starting Coyote HTTP/1.1 on http-80 Mar 8, 2009 7:55:11 AM org.apache.coyote.ajp.AjpAprProtocol start INFO: Starting Coyote AJP/1.3 on ajp-8009 Mar 8, 2009 7:55:11 AM org.apache.catalina.startup.Catalina start INFO: Server startup in 695 ms


Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39578
    
  27
The message seems very specific and to the point: any role you use in an auth-constraint tag needs to be defined in a security-role tag. You may want to read up on the security-constraint>, auth-constraint and security-role elements of the web.xml file; they're explained in the servlet specification.


Ping & DNS - updated with new look and Ping home screen widget
sameer khazi
Greenhorn

Joined: Sep 05, 2008
Posts: 28
Hi..

Mr Dittmer..

Thank you for you suggestion..

Actually i had not included the <security-role> xml tag in the Application-level "web.xml" file.

i have been able to get the desired out put.

Also need a little bit of clarification on the following..

(1)

<auth-constraint>
<role-name>tomcat</role-name>
</auth-constraint>

.....

</security-constraint>

(2)

<security-role>

<role-name> tomcat</role-name>

<security-role>

....

</web-app>

We place the sub-element i.e. <role-name> under both the <auth-constraint> and also the <security-role> main xml elements.

does the <role-name> under both these Main xml elements server the same purpose. if yes, then why it( <role-name> ) is being placed at two separate places.

i hope i have made my point clear.

Thank you...







Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39578
    
  27
No, it serves different purposes. Underneath "security-role" it means "I am going to use role XYZ", while underneath security-constraint it means "role X is required to access these URLs". So the difference is like between declaring a variable and using a variable.
sameer khazi
Greenhorn

Joined: Sep 05, 2008
Posts: 28
hi

Thanks Dittmer..

thanks for making the points clear..

 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: without being defined in a <security-role>
 
Similar Threads
Apache server 6.0.18 error
Regarding preconfigured tomcat 6.0.16.
jsp:include resource not found
Tomcat not Responding!!
error in struts