Posted to dev@tomcat.apache.org by bu...@apache.org on 2002/10/23 02:30:12 UTC

DO NOT REPLY [Bug 13861] New: - Authentication / SSL conflict (web.xml security-constraint auth-constraint user-data-constraint)

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13861

           Summary: Authentication / SSL conflict (web.xml security-constraint auth-constraint user-data-constraint)
           Product: Tomcat 4
           Version: 4.1.12
          Platform: PC
        OS/Version: Windows NT/2K
            Status: NEW
          Severity: Blocker
          Priority: Other
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: ttps@pacbell.net


Into the original /examples/WEB-INF/web.xml file, I added the following
security constraint just before the Example Security Constraint.

    <security-constraint>
      <web-resource-collection>
         <web-resource-name>Protected by tomcat role and SSL</web-resource-name>
         <url-pattern>/jsp/snp/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
         <role-name>tomcat</role-name>
      </auth-constraint>
      <user-data-constraint>
         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

No other changes to this web.xml file were made.

Now, my browser hangs when I try to access 
http://localhost:8080/examples/jsp/snp/snoop.jsp.
It appears that Catalina cannot redirect to login.jsp and
change to port 8443 at the same time.

If I remove the <auth-constraint> tag, SSL works fine.

If I remove the <user-data-constraint> tag, authentication works fine.

How can I get them to BOTH work at the same time?
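
An added example, not part of the original report or of Tomcat: a small Python audit that lists each <security-constraint> in a web.xml with its URL patterns, roles and transport guarantee, and flags any constraint that requires a role but sets no transport guarantee (the state the report reaches by removing <user-data-constraint>). The second constraint in the sample and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from the report, plus a hypothetical
# second constraint that requires a role but sets no transport guarantee.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/jsp/snp/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>tomcat</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/jsp/other/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>tomcat</role-name></auth-constraint>
  </security-constraint>
</web-app>"""


def local(tag):
    """Strip an XML namespace so DTD-style and namespaced web.xml both work."""
    return tag.rsplit("}", 1)[-1]


def audit_constraints(xml_text):
    """Return one dict per <security-constraint>: URL patterns, roles,
    transport guarantee, and whether a role is required with no guarantee."""
    results = []
    for sc in ET.fromstring(xml_text).iter():
        if local(sc.tag) != "security-constraint":
            continue
        texts = {}  # element name -> list of text values inside this constraint
        for el in sc.iter():
            texts.setdefault(local(el.tag), []).append((el.text or "").strip())
        guarantee = (texts.get("transport-guarantee") or ["NONE"])[0]
        results.append({
            "patterns": texts.get("url-pattern", []),
            "roles": texts.get("role-name", []),
            "transport": guarantee,
            "auth_without_guarantee": "auth-constraint" in texts and guarantee == "NONE",
        })
    return results


if __name__ == "__main__":
    for row in audit_constraints(SAMPLE_WEB_XML):
        print(row)
```

A constraint flagged auth_without_guarantee accepts the login exchange over plain HTTP on the non-SSL connector.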
