Posted to jetspeed-dev@portals.apache.org by "Jian Liao (JIRA)" <je...@portals.apache.org> on 2006/02/17 06:25:51 UTC

[jira] Commented: (JS2-496) J2 on tomcat 5.5.15: 403 returned to client browser when any user that doesn't have admin role attempts to log in

    [ http://issues.apache.org/jira/browse/JS2-496?page=comments#action_12366750 ] 

Jian Liao commented on JS2-496:
-------------------------------

There is a bug fix in Tomcat 5.5.15 (http://issues.apache.org/bugzilla/show_bug.cgi?id=37852) which causes this problem.
I encounter this issue when working on integrating J2 with Geronimo, too (http://comments.gmane.org/gmane.comp.java.geronimo.devel/22704). Geronimo has the same behavior as Tomcat 5.5.15. IMHO, it is time for J2 to fix this bug in web.xml by declaring all the security roles in web.xml.

If you're interested in JS2-444, download the latest package (geronimo-jetspeed12.zip); you should find that we declare all the security roles in web.xml (app-servers/geronimo/jetspeed-war/src/webapp/WEB-INF).

HTH,

- Jian Liao

> J2 on tomcat 5.5.15: 403 returned to client browser when any user that doesn't have admin role attempts to log in
> -----------------------------------------------------------------------------------------------------------------
>
>          Key: JS2-496
>          URL: http://issues.apache.org/jira/browse/JS2-496
>      Project: Jetspeed 2
>         Type: Bug
>   Components: Security
>     Versions: 2.0-FINAL
>  Environment: Tomcat 5.5.15 (JDK 1.5, Apache 2, Fedora Core 3)
>     Reporter: Aaron Evans

>
> When J2 is deployed on tomcat 5.5.15, whenever any user that does not have the admin role logs in, a 403 is returned for the URI /login/redirector.
> This does not occur on earlier releases of tomcat (5.5.9 for example).
> The user is in fact authenticated, for if you delete the /login/redirector from the URL in the browser and refresh, then the main page of the portal is shown and the user is authenticated.
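
Added example (not part of the original message or of Jetspeed's code): a check of a web.xml for the fix suggested in the comment above, declaring all security roles. It assumes the /login/redirector constraint uses the "*" wildcard, which the servlet specification defines as all roles declared in the descriptor; the descriptor and the role names "user" and "manager" are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor (an assumption, not Jetspeed's real web.xml): the
# redirector is guarded by "*", but only the "admin" role is declared.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/login/redirector</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>admin</role-name></security-role>
</web-app>"""


def _named(parent, name, deep=False):
    """Children (or descendants) called `name`, ignoring the XML namespace."""
    nodes = parent.iter() if deep else list(parent)
    return [e for e in nodes if e.tag.rsplit("}", 1)[-1] == name]


def _roles(parent):
    return {(r.text or "").strip() for r in _named(parent, "role-name")}


def audit_roles(web_xml, user_roles):
    """Map each protected url-pattern to the roles in user_roles it rejects."""
    root = ET.fromstring(web_xml)
    declared = set()
    for sr in _named(root, "security-role"):
        declared |= _roles(sr)
    findings = {}
    for sc in _named(root, "security-constraint"):
        auth = _named(sc, "auth-constraint")
        if not auth:
            continue  # no auth-constraint: not role-restricted
        allowed = _roles(auth[0])
        if "*" in allowed:
            # Servlet spec: "*" means every role declared in this descriptor.
            allowed = declared
        denied = sorted(set(user_roles) - allowed)
        for pat in _named(sc, "url-pattern", deep=True):
            if denied:
                findings[(pat.text or "").strip()] = denied
    return findings


if __name__ == "__main__":
    print(audit_roles(SAMPLE_WEB_XML, ["admin", "user", "manager"]))
```

Run it against the deployed web.xml with the role names your users actually hold; an empty result means every one of those roles is covered by the constraints.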
