Posted to users@tomcat.apache.org by Christopher Schultz <ch...@christopherschultz.net> on 2009/03/02 17:49:10 UTC

Re: Request not forwarded to login page with security-constraint after session time-out

Marcel,

On 2/27/2009 5:17 PM, Marcel Stör wrote:
> 
> On 27.02.2009, at 17:38, Christopher Schultz wrote:
> 
>> Chuck,
>>
>> On 2/26/2009 5:39 PM, Caldarale, Charles R wrote:
>>>> From: Mark Thomas [mailto:markt@apache.org] Subject: Re: Request
>>>> not forwarded to login page with security-constraint after session
>>>> time-out
>>>>
>>>> The spec is clearer than that. The "*" role == all roles defined in
>>>> web.xml.
>>>
>>> Yes, but what it's not clear about is what happens when there are
>>> *no* roles defined in web.xml, which is the situation the OP has.
>>
>> It's worse than that: he has no roles table defined, so he gets
>> SQLExceptions during authorization.
> 
> 
> [OT]
> Yes, indeed.
> I had expected that Tomcat would handle this more gracefully. I find it
> odd that JDBCRealm does try to run a query against the role table
> without checking first if one has even been defined. This is
> particularly annoying because the <Realm> tag in context.xml cannot be
> validated against a DTD or schema -> from a configuration point of view
> I'm not required to define it.

Patches are always welcome :)

-chris
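
Added example, not part of the original message and not Tomcat code: a small pre-deployment check for the situation discussed in this thread, where a JDBCRealm is configured in context.xml without a role table. It assumes the standard JDBCRealm attribute names (userTable, userNameCol, userCredCol, userRoleTable, roleNameCol); the function name, driver class, connection URL and table names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

JDBC_REALM = "org.apache.catalina.realm.JDBCRealm"
# Attributes the user/credential lookup depends on.
USER_ATTRS = ("driverName", "connectionURL", "userTable",
              "userNameCol", "userCredCol")
# Attributes the role lookup depends on. Nothing validates <Realm>
# against a DTD or schema, so leaving these out is not flagged anywhere.
ROLE_ATTRS = ("userRoleTable", "roleNameCol")


def lint_realms(context_xml: str) -> list[str]:
    """Return one finding per JDBCRealm attribute that is missing or empty."""
    findings = []
    root = ET.fromstring(context_xml)
    # iter() also reaches realms nested inside another <Realm> element.
    for realm in root.iter("Realm"):
        if realm.get("className") != JDBC_REALM:
            continue
        for attr in USER_ATTRS + ROLE_ATTRS:
            if not (realm.get(attr) or "").strip():
                kind = "role lookup" if attr in ROLE_ATTRS else "authentication"
                findings.append(f"JDBCRealm: {attr} not set ({kind})")
    return findings


# Constructed sample: users table configured, no role table (the case above).
SAMPLE_NO_ROLES = """<Context>
  <Realm className="org.apache.catalina.realm.JDBCRealm"
         driverName="org.example.Driver"
         connectionURL="jdbc:example://localhost/authdb"
         userTable="users" userNameCol="user_name" userCredCol="user_pass"/>
</Context>"""

# Constructed sample: same realm with the role table and column defined.
SAMPLE_WITH_ROLES = SAMPLE_NO_ROLES.replace(
    'userCredCol="user_pass"/>',
    'userCredCol="user_pass"\n'
    '         userRoleTable="user_roles" roleNameCol="role_name"/>')

if __name__ == "__main__":
    for name, xml in (("no roles", SAMPLE_NO_ROLES),
                      ("with roles", SAMPLE_WITH_ROLES)):
        print(name, "->", lint_realms(xml) or "ok")
```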