Posted to dev@tomcat.apache.org by bu...@apache.org on 2002/02/18 16:17:56 UTC
DO NOT REPLY [Bug 6525] New: -
When deploying a web-app (as WAR or directory under Web-Apps) complex security-constraint in web.xml is ignored
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6525
Summary: When deploying a web-app (as WAR or directory under Web-Apps) complex security-constraint in web.xml is ignored
Product: Tomcat 4
Version: 4.0.2 Final
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: Other
Component: Unknown
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: edson.richter@econet-sw.com.br
When using the following rules to secure an app:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Sistema Quest - Área Segura</web-resource-name>
    <url-pattern>/seguro/index.jsp</url-pattern>
    <url-pattern>/seguro/categoria/*</url-pattern>
    <url-pattern>/seguro/edicao/*</url-pattern>
    <url-pattern>/seguro/entrevistado/*</url-pattern>
    <url-pattern>/seguro/formulario/*</url-pattern>
    <url-pattern>/seguro/itemFormulario/*</url-pattern>
    <url-pattern>/seguro/tabela/*</url-pattern>
    <url-pattern>/servlet/br.com.econet.forme.servlet.CategoriaServlet</url-pattern>
    <url-pattern>/servlet/br.com.econet.forme.servlet.EdicaoServlet</url-pattern>
    <url-pattern>/servlet/br.com.econet.forme.servlet.EntrevistadoServlet</url-pattern>
    <url-pattern>/servlet/br.com.econet.forme.servlet.FormularioServlet</url-pattern>
    <url-pattern>/servlet/br.com.econet.forme.servlet.FormularioItemServlet</url-pattern>
    <url-pattern>/servlet/br.com.econet.forme.servlet.ItemFormularioServlet</url-pattern>
    <url-pattern>/servlet/br.com.econet.forme.servlet.TabelaItemServlet</url-pattern>
    <url-pattern>/servlet/br.com.econet.forme.servlet.TabelaServlet</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>questEditor</role-name>
    <role-name>questAdministrador</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Sistema Quest - Área Segura</web-resource-name>
    <url-pattern>/seguro/*</url-pattern>
    <url-pattern>/servlet/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>questAdministrador</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
I get the following error when connecting with role questEditor:
Apache Tomcat/4.0.2 - HTTP Status 403 - Access to the requested resource has been denied
--------------------------------------------------------------------------------
type Status report
message Access to the requested resource has been denied
description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.
And see: I have configured a <form-error-page> for <login-config>:
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Sistema QUEST</realm-name>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/loginErro.jsp</form-error-page>
  </form-login-config>
</login-config>
The exact same application described here works fine with HP-AS.
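
Added example, not part of the original bug report and not Tomcat code: a small audit script that lists every url-pattern whose extra roles are also covered by a broader path-prefix pattern in another security-constraint, which is the overlap the web.xml above contains. The embedded descriptor is a shortened, constructed copy of the report's two constraints; the script assumes a web.xml without an XML namespace, and all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: shortened copy of the two constraints quoted in the report.
WEB_XML = """<web-app>
 <security-constraint><web-resource-collection>
   <url-pattern>/seguro/index.jsp</url-pattern>
   <url-pattern>/seguro/categoria/*</url-pattern>
   <url-pattern>/servlet/br.com.econet.forme.servlet.TabelaServlet</url-pattern>
   <http-method>GET</http-method><http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>questEditor</role-name>
   <role-name>questAdministrador</role-name></auth-constraint>
 </security-constraint>
 <security-constraint><web-resource-collection>
   <url-pattern>/seguro/*</url-pattern><url-pattern>/servlet/*</url-pattern>
   <http-method>GET</http-method><http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>questAdministrador</role-name></auth-constraint>
 </security-constraint>
</web-app>"""

def load_constraints(xml_text):
    """Return one (patterns, methods, roles) tuple per <security-constraint>."""
    out = []
    for sc in ET.fromstring(xml_text).iter("security-constraint"):
        text = lambda tag: [(e.text or "").strip() for e in sc.iter(tag)]
        out.append((text("url-pattern"), set(text("http-method")), set(text("role-name"))))
    return out

def covers(wide, narrow):
    """True if path-prefix pattern `wide` (ending in /*) also matches `narrow`."""
    if not wide.endswith("/*") or wide == narrow:
        return False
    base = wide[:-2]
    return narrow == base or narrow.startswith(base + "/")

def find_overlaps(constraints):
    """List (narrow, wide, roles): roles granted on `narrow` but not on `wide`."""
    hits = []
    for pats_a, meth_a, roles_a in constraints:
        for pats_b, meth_b, roles_b in constraints:
            # An empty http-method list means the constraint applies to all methods.
            if meth_a and meth_b and not (meth_a & meth_b):
                continue
            extra = sorted(roles_a - roles_b)
            hits += [(n, w, extra) for n in pats_a for w in pats_b
                     if extra and covers(w, n)]
    return hits

if __name__ == "__main__":
    for narrow, wide, roles in find_overlaps(load_constraints(WEB_XML)):
        print(f"{narrow} is also covered by {wide}; roles at stake: {roles}")
```

Each reported line marks a path where access for the listed role depends on how the container resolves the two overlapping constraints.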