Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/12/18 15:31:53 UTC
DO NOT REPLY [Bug 25625] New: - Security Restrictions don't apply to initial page
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25625
Summary: Security Restrictions don't apply to initial page
Product: Tomcat 5
Version: 5.0.16
Platform: PC
OS/Version: Linux
Status: NEW
Severity: Normal
Priority: Other
Component: Unknown
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: cam-cama@princetonsa.com
In Tomcat 5, if you restrict a directory in web.xml so that no user can access
it without login:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>common</web-resource-name>
        <url-pattern>/common/*</url-pattern>
        <http-method>POST</http-method>
        <http-method>GET</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>general</role-name>
      </auth-constraint>
      <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

and you define your welcome file in that directory:

    <welcome-file-list>
      <welcome-file>/common/examplePage.jsp</welcome-file>
    </welcome-file-list>

then when you access your application (e.g. localhost:8080/myApp), it goes
directly to examplePage (forgetting the access restriction), BUT if you access
the file directly, the access restriction works
(localhost:8080/myApp/common/examplePage.jsp redirects to your login page).
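An added example, not part of the original bug report or of Tomcat's code: a Python check that parses a web.xml and lists every welcome file that falls under a login-protected url-pattern, which is the configuration the report describes. The descriptor text is constructed from the report's two snippets, with a second welcome file (index.html) added as an assumption; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml combining the report's two snippets (index.html is an added assumption).
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>common</web-resource-name>
      <url-pattern>/common/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>general</role-name></auth-constraint>
  </security-constraint>
  <welcome-file-list>
    <welcome-file>/common/examplePage.jsp</welcome-file>
    <welcome-file>index.html</welcome-file>
  </welcome-file-list>
</web-app>"""


def local(tag):
    """Strip an XML namespace so namespaced and plain descriptors both parse."""
    return tag.rsplit("}", 1)[-1]


def pattern_matches(pattern, path):
    """Servlet url-pattern rules: path prefix, extension, then exact; '/' is treated as match-all."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == "/" or pattern == path


def protected_welcome_files(web_xml_text):
    """Return (welcome_path, url_pattern, roles) for welcome files under an auth-constraint."""
    root = ET.fromstring(web_xml_text)
    welcome = ["/" + e.text.strip().lstrip("/")
               for e in root.iter() if local(e.tag) == "welcome-file" and e.text]
    findings = []
    for sc in (e for e in root.iter() if local(e.tag) == "security-constraint"):
        if not any(local(e.tag) == "auth-constraint" for e in sc.iter()):
            continue  # no auth-constraint means this constraint does not require login
        roles = [e.text.strip() for e in sc.iter() if local(e.tag) == "role-name" and e.text]
        for pat in (e.text.strip() for e in sc.iter() if local(e.tag) == "url-pattern" and e.text):
            findings += [(w, pat, roles) for w in welcome if pattern_matches(pat, w)]
    return findings
```

Each tuple returned is a welcome file whose protection should be confirmed by requesting the application root unauthenticated and checking that the login page is served.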