kindly help me out in finding out the exact problem with the following error message from the file "catalina" of the Log directory of Tomcat 6.0.18
Mar 8, 2009 7:55:11 AM org.apache.catalina.startup.ContextConfig validateSecurityRoles INFO: WARNING: Security role name private used in an <auth-constraint> without being defined in a <security-role>
Mar 8, 2009 7:55:11 AM org.apache.coyote.http11.Http11AprProtocol start INFO: Starting Coyote HTTP/1.1 on http-80 Mar 8, 2009 7:55:11 AM org.apache.coyote.ajp.AjpAprProtocol start INFO: Starting Coyote AJP/1.3 on ajp-8009 Mar 8, 2009 7:55:11 AM org.apache.catalina.startup.Catalina start INFO: Server startup in 695 ms
The message seems very specific and to the point: any role you use in an auth-constraint tag needs to be defined in a security-role tag. You may want to read up on the security-constraint>, auth-constraint and security-role elements of the web.xml file; they're explained in the servlet specification.
We place the sub-element i.e. <role-name> under both the <auth-constraint> and also the <security-role> main xml elements.
does the <role-name> under both these Main xml elements server the same purpose. if yes, then why it( <role-name> ) is being placed at two separate places.
i hope i have made my point clear.
Joined: Mar 22, 2005
No, it serves different purposes. Underneath "security-role" it means "I am going to use role XYZ", while underneath security-constraint it means "role X is required to access these URLs". So the difference is like between declaring a variable and using a variable.