Posted to users@tomcat.apache.org by "Dr. Martin Menzel (FB Physik, Uni Kaiserslautern)" <me...@physik.uni-kl.de> on 2000/05/03 18:22:08 UTC

Re: Two authentication bugs

Hi,

Could you protect a servlet at all with your security constraint? Or did you
only try to protect XML, HTML and JSP files?

Martin

----- Original Message -----
From: "Robin Green" <gr...@hotmail.com>
To: <to...@jakarta.apache.org>
Sent: Wednesday, May 03, 2000 6:56 PM
Subject: Two authentication bugs


> My configuration is
>
> Tomcat 3.1
> Cocoon 1.7.1-dev
> Solaris 7
>
> I have set up two BASIC authentication zones for development purposes in
> build/tomcat/conf/web.xml as follows:
>
>     <security-constraint>
>       <web-resource-collection>
>          <web-resource-name>Administrator Area</web-resource-name>
>          <!-- Define the context-relative URL(s) to be protected -->
>          <url-pattern>/admin/*</url-pattern>
>       </web-resource-collection>
>       <auth-constraint>
>          <!-- Anyone with one of the listed roles may access this area -->
>          <role-name>admin</role-name>
>       </auth-constraint>
>     </security-constraint>
>
>     <security-constraint>
>       <web-resource-collection>
>          <web-resource-name>Members Area</web-resource-name>
>          <!-- Define the context-relative URL(s) to be protected -->
>          <url-pattern>/users/*</url-pattern>
>       </web-resource-collection>
>       <auth-constraint>
>          <!-- Anyone with one of the listed roles may access this area -->
>          <role-name>admin</role-name>
>          <role-name>user</role-name>
>       </auth-constraint>
>     </security-constraint>
>
> The relevant context from server2.xml is
>
>         <Context path="/fyp" docBase="/home/ufs1/12/greenrd/fyp/public"
>          debug="1"
>          reloadable="true" />
>
> However, when I log in correctly:
>
> Bug 1: the servlet mapping which states that *.xml files are to be handled
> by Cocoon is broken inside these security zones (but not outside). Instead
> it returns the .xml file directly to Internet Explorer.
>
> Bug 2: http://myhost/fyp/users/foobar.xml causes Tomcat to fetch
> ~/fyp/public/foobar.xml not ~/fyp/public/users/foobar.xml as it should. So I
> tried http://myhost/fyp/users/users/ and this gave me a directory listing
> starting with
>
> Directory Listing for: /fyp/users/users/
> Up to: /fyp/users
>
>
> which is _actually_ a directory listing for ~/fyp/public/users (it should
> have 404ed). Clearly the path for the zone is being stripped from the URI,
> which makes no sense. ( ~ indicates my home dir, /home/ufs1/12/greenrd ).
>
> There are no operating-system symbolic links involved. There is no WEB-INF
> directory under ~/fyp/public . If I create one and copy web.xml to
> ~/fyp/public/WEB-INF and restart tomcat, same two bugs occur.
>
> I really don't want to reorganise all my links to work around this bug.
> Suggestions?
>
> --
> Robin
>
> 270+ Open Source Java links!
>
> http://directory.mozilla.org/Computers/Programming/Languages/Java/Open_Source/
>
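
A regression check for the behaviour the original report expects, as an added example that is not part of either message or of Tomcat: it lists the roles the two quoted constraints demand for a request URI and the file that request should map to, with only the context path removed. The function names, and the rule of listing roles from every matching constraint, are assumptions of this sketch.

```python
import posixpath
import xml.etree.ElementTree as ET

# Constructed sample: the two constraints quoted in the message above.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Administrator Area</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Members Area</web-resource-name>
      <url-pattern>/users/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name><role-name>user</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>"""

def pattern_matches(pattern, path):
    """url-pattern forms: '/dir/*' prefix, '*.ext' extension, '/' default, else exact."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == "/" or pattern == path

def required_roles(web_xml, context_path, request_uri):
    """Return (context-relative path, roles of matching constraints or None if unprotected)."""
    if request_uri != context_path and not request_uri.startswith(context_path + "/"):
        raise ValueError("URI is outside the context")
    rel = posixpath.normpath(request_uri[len(context_path):] or "/")  # collapse '..' first
    roles, matched = set(), False
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        if any(pattern_matches(p.text.strip(), rel) for p in sc.iter("url-pattern")):
            matched = True  # assumption: roles of every matching constraint are listed
            roles.update(r.text.strip() for r in sc.iter("role-name"))
    return rel, (roles if matched else None)

def expected_file(doc_base, rel):
    """Only the context path is removed; the protected prefix stays in the file path."""
    return posixpath.join(doc_base, rel.lstrip("/"))
```

Comparing `expected_file` with the file the server actually returns for each protected URI exposes the stripped-prefix behaviour reported as Bug 2.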