You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-dev@portals.apache.org by "David Sean Taylor (JIRA)" <je...@portals.apache.org> on 2006/10/13 00:20:39 UTC

[jira] Resolved: (JS2-526) JBoss web.xml entry for security-constraint login/redirector wont work under Tomcat

     [ http://issues.apache.org/jira/browse/JS2-526?page=all ]

David Sean Taylor resolved JS2-526.
-----------------------------------

    Fix Version/s: 2.1-dev
       Resolution: Fixed

patch applied.

> JBoss web.xml entry for security-constraint login/redirector wont work under Tomcat
> -----------------------------------------------------------------------------------
>
>                 Key: JS2-526
>                 URL: http://issues.apache.org/jira/browse/JS2-526
>             Project: Jetspeed 2
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 2.1-dev
>         Environment: Windows XP SP2, Tomcat 5.5.16, JBoss 4.0.4-CR2, Jetspeed-2.1-dev (sources)
>            Reporter: Bruno Marti
>         Assigned To: David Sean Taylor
>            Priority: Minor
>             Fix For: 2.1-dev
>
>         Attachments: security.patch.txt
>
>
> I've built my own portal from the 2.1-dev sources.
> The installed portal works on Tomcat 5.5.16, but not on JBoss 4.0.4.
> Under JBoss I am receiving a HTTP-error 403 after the log-in submit.
> (seems like the same problem in Issue JS2-496: http://issues.apache.org/jira/browse/JS2-496)
> If I'm manually adding the following role-name in portal's web.xml, it works fine, on both tomcat and jboss servers:
>   <role-name>*</role-name>
> here the new full constraint entry:
> ...
> 	<!-- Protect LogInRedirectory.jsp.  This will require a login when called -->
> 	<security-constraint>
> 		<web-resource-collection>
> 			<web-resource-name>Login</web-resource-name>
> 			<url-pattern>/login/redirector</url-pattern>
> 		</web-resource-collection>
> 		<auth-constraint>
> 			<!-- the required portal user role name defined in: -->
> 			<!-- /WEB-INF/assembly/security-atn.xml             -->
> 			<role-name>portal-user</role-name>
> 			<role-name>*</role-name>
> 		</auth-constraint>
> 	</security-constraint>
> ...
> Is this quite correct or do I have a security problem now?
> Or is there a bug in JBoss?

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org