You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2002/10/23 02:30:12 UTC
DO NOT REPLY [Bug 13861] New: -
Authentication / SSL conflict (web.xml security-constraint auth-constraint user-data-constraint)
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13861>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13861
Authentication / SSL conflict (web.xml security-constraint auth-constraint user-data-constraint)
Summary: Authentication / SSL conflict (web.xml security-
constraint auth-constraint user-data-constraint)
Product: Tomcat 4
Version: 4.1.12
Platform: PC
OS/Version: Windows NT/2K
Status: NEW
Severity: Blocker
Priority: Other
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: ttps@pacbell.net
Into the original /examples/WEB-INF/web.xml file, I added the following
security constraint just before the Example Security Constraint.
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected by tomcat role and SSL</web-resource-name>
<url-pattern>/jsp/snp/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>tomcat</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
No other changes to this web.xml file were made.
Now, my browser hangs when I try to access
http://localhost:8080/examples/jsp/snp/snoop.jsp.
It appears that Catalina cannot redirect to login.jsp and
change to port 8443 at the same time.
If I remove the <auth-constraint> tag, SSL works fine.
If I remove the <user-data-constraint> tag, authentication works fine.
How can I get them to BOTH work at the same time?
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>