You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-user@portals.apache.org by Enrique Perez <pe...@dit.upm.es> on 2006/07/11 14:59:15 UTC

Re: Login Proxy Problem

Hi,

I have some questions:
Are these roles the ones defined for Tomcat or defined in J2??
In case they are defined in J2, if new roles are defined, they must be
added to the auth-constraint list also??

Thanks,
Enrique


 
> Thanks Akshay. It does work.  
> Yiguang  
> 
> > -----Original Message-----  
> > From: Akshay Ahooja [mailto:akshayahooja@gmai...
<http://www.opensubscriber.com/sendEmail.os?message=4276758&inline=0> ]

> > Sent: Tuesday, June 20, 2006 10:13 PM  
> > To: Jetspeed Users List  
> > Subject: Re: login proxy problem  
> >
> > If you are using a newer version of Tomcat it will do that to you
unless  
you  
> > explicitly define your user roles:  
> >  
> > In web.xml under <security-constraint>  
> >  
> > Instead of:  
> > <auth-constraint>  
> > <role-name>*</role-name>  
> > </auth-constraint>  
> > 
> > Change to:  
> > <auth-constraint>  
> > <role-name>admin</role-name>  
> >  <role-name>user</role-name>  
> >  <role-name>manager</role-name>  
> > </auth-constraint>  
> > 
> > And then try it - it should work...  
> > 
> > HTH,  
> > 
> > Akshay

Re: Login Proxy Problem

Posted by Aaron Evans <aa...@gmail.com>.

I would suggest filing a bug for this then (if there isn't one already).

On 7/12/06, Enrique Perez <pe...@dit.upm.es> wrote:
> Hi Aaron,
>
>
>
> Yes, Tomcat 5.5.12 works fine with the "wild-card" character for roles.
>
>
>
> But as far as I can understand from <a
> href="http://www.nabble.com/auth-constraint-in-web.xml-in-tomcat-5.5.15-
> tf1054280.html#a2742541" target="_blank">this post</a> in the tomcat's
> user mailing list, there is nothing to be fixed (sorry, but sometimes my
> English is not as good as I would like it to be, and maybe I'm wrong).
>
>
>
> The solution suggested there is to create a general role where all users
> are included and use this general role instead of the role "*".
>
>
>
> Regards,
>
> Enrique
>
>
>
>
>
> > -----Mensaje original-----
>
> > De: Aaron Evans [mailto:aaronmevans@gmail.com]
>
> > Enviado el: martes, 11 de julio de 2006 15:08
>
> > Para: Jetspeed Users List
>
> > Asunto: Re: Login Proxy Problem
>
> >
>
> > They are J2 roles, although it can be helpful for them to overlap with
>
> > tomcat roles as well if you have SSO configured and you want to use
>
> > tomcat's manager application.
>
> >
>
> > And yes, if you are using a tomcat version >= 5.5.12 (I think) and you
>
> > define new J2 roles, you will need to add them AFAIK.  That is, unless
>
> > they have fixed this issue in tomcat.
>
> >
>
> > I am using an older version of tomcat (5.5.9) so in my case, I do not
>
> > have to do this.  The <role-name>*</role-name> works fine for me.
>
> >
>
> >
>
> >
>
> > On 7/11/06, Enrique Perez <pe...@dit.upm.es> wrote:
>
> > > Hi,
>
> > >
>
> > > I have some questions:
>
> > > Are these roles the ones defined for Tomcat or defined in J2??
>
> > > In case they are defined in J2, if new roles are defined, they must
> be
>
> > > added to the auth-constraint list also??
>
> > >
>
> > > Thanks,
>
> > > Enrique
>
> > >
>
> > >
>
> > >
>
> > > > Thanks Akshay. It does work.
>
> > > > Yiguang
>
> > > >
>
> > > > > -----Original Message-----
>
> > > > > From: Akshay Ahooja [mailto:akshayahooja@gmai...
>
> > >
> <http://www.opensubscriber.com/sendEmail.os?message=4276758&inline=0> ]
>
> > >
>
> > > > > Sent: Tuesday, June 20, 2006 10:13 PM
>
> > > > > To: Jetspeed Users List
>
> > > > > Subject: Re: login proxy problem
>
> > > > >
>
> > > > > If you are using a newer version of Tomcat it will do that to
> you
>
> > > unless
>
> > > you
>
> > > > > explicitly define your user roles:
>
> > > > >
>
> > > > > In web.xml under <security-constraint>
>
> > > > >
>
> > > > > Instead of:
>
> > > > > <auth-constraint>
>
> > > > > <role-name>*</role-name>
>
> > > > > </auth-constraint>
>
> > > > >
>
> > > > > Change to:
>
> > > > > <auth-constraint>
>
> > > > > <role-name>admin</role-name>
>
> > > > >  <role-name>user</role-name>
>
> > > > >  <role-name>manager</role-name>
>
> > > > > </auth-constraint>
>
> > > > >
>
> > > > > And then try it - it should work...
>
> > > > >
>
> > > > > HTH,
>
> > > > >
>
> > > > > Akshay
>
> > >
>
> > >
>
> > >
>
> >
>
> > ---------------------------------------------------------------------
>
> > To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
>
> > For additional commands, e-mail: jetspeed-user-help@portals.apache.org
>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org

RE: Login Proxy Problem

Posted by Enrique Perez <pe...@dit.upm.es>.

Hi Aaron,

 

Yes, Tomcat 5.5.12 works fine with the "wild-card" character for roles.

 

But as far as I can understand from <a
href="http://www.nabble.com/auth-constraint-in-web.xml-in-tomcat-5.5.15-
tf1054280.html#a2742541" target="_blank">this post</a> in the tomcat's
user mailing list, there is nothing to be fixed (sorry, but sometimes my
English is not as good as I would like it to be, and maybe I'm wrong).

 

The solution suggested there is to create a general role where all users
are included and use this general role instead of the role "*".

 

Regards,

Enrique

 

 

> -----Mensaje original-----

> De: Aaron Evans [mailto:aaronmevans@gmail.com]

> Enviado el: martes, 11 de julio de 2006 15:08

> Para: Jetspeed Users List

> Asunto: Re: Login Proxy Problem

> 

> They are J2 roles, although it can be helpful for them to overlap with

> tomcat roles as well if you have SSO configured and you want to use

> tomcat's manager application.

> 

> And yes, if you are using a tomcat version >= 5.5.12 (I think) and you

> define new J2 roles, you will need to add them AFAIK.  That is, unless

> they have fixed this issue in tomcat.

> 

> I am using an older version of tomcat (5.5.9) so in my case, I do not

> have to do this.  The <role-name>*</role-name> works fine for me.

> 

> 

> 

> On 7/11/06, Enrique Perez <pe...@dit.upm.es> wrote:

> > Hi,

> >

> > I have some questions:

> > Are these roles the ones defined for Tomcat or defined in J2??

> > In case they are defined in J2, if new roles are defined, they must
be

> > added to the auth-constraint list also??

> >

> > Thanks,

> > Enrique

> >

> >

> >

> > > Thanks Akshay. It does work.

> > > Yiguang

> > >

> > > > -----Original Message-----

> > > > From: Akshay Ahooja [mailto:akshayahooja@gmai...

> >
<http://www.opensubscriber.com/sendEmail.os?message=4276758&inline=0> ]

> >

> > > > Sent: Tuesday, June 20, 2006 10:13 PM

> > > > To: Jetspeed Users List

> > > > Subject: Re: login proxy problem

> > > >

> > > > If you are using a newer version of Tomcat it will do that to
you

> > unless

> > you

> > > > explicitly define your user roles:

> > > >

> > > > In web.xml under <security-constraint>

> > > >

> > > > Instead of:

> > > > <auth-constraint>

> > > > <role-name>*</role-name>

> > > > </auth-constraint>

> > > >

> > > > Change to:

> > > > <auth-constraint>

> > > > <role-name>admin</role-name>

> > > >  <role-name>user</role-name>

> > > >  <role-name>manager</role-name>

> > > > </auth-constraint>

> > > >

> > > > And then try it - it should work...

> > > >

> > > > HTH,

> > > >

> > > > Akshay

> >

> >

> >

> 

> ---------------------------------------------------------------------

> To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org

> For additional commands, e-mail: jetspeed-user-help@portals.apache.org

Re: Login Proxy Problem

Posted by Aaron Evans <aa...@gmail.com>.

They are J2 roles, although it can be helpful for them to overlap with
tomcat roles as well if you have SSO configured and you want to use
tomcat's manager application.

And yes, if you are using a tomcat version >= 5.5.12 (I think) and you
define new J2 roles, you will need to add them AFAIK.  That is, unless
they have fixed this issue in tomcat.

I am using an older version of tomcat (5.5.9) so in my case, I do not
have to do this.  The <role-name>*</role-name> works fine for me.



On 7/11/06, Enrique Perez <pe...@dit.upm.es> wrote:
> Hi,
>
> I have some questions:
> Are these roles the ones defined for Tomcat or defined in J2??
> In case they are defined in J2, if new roles are defined, they must be
> added to the auth-constraint list also??
>
> Thanks,
> Enrique
>
>
>
> > Thanks Akshay. It does work.
> > Yiguang
> >
> > > -----Original Message-----
> > > From: Akshay Ahooja [mailto:akshayahooja@gmai...
> <http://www.opensubscriber.com/sendEmail.os?message=4276758&inline=0> ]
>
> > > Sent: Tuesday, June 20, 2006 10:13 PM
> > > To: Jetspeed Users List
> > > Subject: Re: login proxy problem
> > >
> > > If you are using a newer version of Tomcat it will do that to you
> unless
> you
> > > explicitly define your user roles:
> > >
> > > In web.xml under <security-constraint>
> > >
> > > Instead of:
> > > <auth-constraint>
> > > <role-name>*</role-name>
> > > </auth-constraint>
> > >
> > > Change to:
> > > <auth-constraint>
> > > <role-name>admin</role-name>
> > >  <role-name>user</role-name>
> > >  <role-name>manager</role-name>
> > > </auth-constraint>
> > >
> > > And then try it - it should work...
> > >
> > > HTH,
> > >
> > > Akshay
>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org