Is it Tomcat's Bug or My Mistake

 
Ranch Hand
Posts: 569
My web.xml is listed below. I tested with Tomcat 5.0.29 and requested /first.jsp. I was prompted with a login prompt and I entered the password for an account with the "admin" role. Unexpectedly, /first.jsp was displayed!!

My understanding is that this should not have happened because I used <auth-constraint /> in my second <security-constraint>. Could anyone help me spot any mistake I may have made?

Thx

<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<!-- security-constraint -->
<security-constraint>
<web-resource-collection>
<web-resource-name>hello</web-resource-name>
<url-pattern>/first.jsp</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>ss</web-resource-name>
<url-pattern>/first.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint />
</security-constraint>

<!-- <login-config> -->
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<!-- <security-role> -->
<security-role>
<role-name>admin</role-name>
<role-name>tomcat</role-name>
</security-role>
<!-- <welcome-file-list> -->
<!-- <filter> -->
</web-app>
 
Ranch Hand
Posts: 87
Seems to be Tomcat bug
 
Ranch Hand
Posts: 101
How did <role-name> map to the security "realm"?

You might want to add these and see how it behaves:

<tomcat-users>

<role rolename="admin"/>
<role rolename="user"/>


<user username="myName" password="myPassword" roles="admin, user" />
<user username="yourName" password="yourPassword" roles="admin" />

</tomcat-users>

Esam
[ September 16, 2005: Message edited by: Esam Ahmed ]
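
The combination rule this thread turns on, as an added example that is not part of the original posts: under the Servlet 2.4 specification's rules for combining constraints, an auth-constraint that names no roles overrides every other constraint on the same pattern and method and precludes access. The function names are hypothetical, the embedded web.xml is a constructed copy of the two constraints from the question, and the check assumes exact url-pattern matches only (no wildcard or best-match selection) and does not handle the role-name "*".

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/j2ee"}

# Constructed sample: the two constraints from the web.xml in the question.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>hello</web-resource-name>
      <url-pattern>/first.jsp</url-pattern>
      <http-method>POST</http-method><http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>ss</web-resource-name>
      <url-pattern>/first.jsp</url-pattern>
      <http-method>GET</http-method><http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint />
  </security-constraint>
</web-app>"""

def texts(parent, tag):
    return [e.text.strip() for e in parent.findall("j:" + tag, NS)]

def effective_access(web_xml, url, method):
    """Return "DENY_ALL", "PERMIT_ALL", or the set of roles allowed."""
    roles, matched, open_constraint = set(), False, False
    for sc in ET.fromstring(web_xml).findall("j:security-constraint", NS):
        # A collection with no <http-method> covers every method.
        applies = any(
            url in texts(w, "url-pattern")
            and (not texts(w, "http-method") or method in texts(w, "http-method"))
            for w in sc.findall("j:web-resource-collection", NS))
        if not applies:
            continue
        matched = True
        auth = sc.find("j:auth-constraint", NS)
        if auth is None:
            open_constraint = True      # no auth-constraint: no role needed
        elif not texts(auth, "role-name"):
            return "DENY_ALL"           # empty auth-constraint overrides the rest
        else:
            roles |= set(texts(auth, "role-name"))
    if not matched or open_constraint:
        return "PERMIT_ALL"
    return roles
```

Methods that no constraint lists stay unconstrained: for this descriptor, `effective_access(WEB_XML, "/first.jsp", "PUT")` returns "PERMIT_ALL".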
 