You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Brandon Goodin <ma...@phase.ws> on 2004/02/23 07:53:53 UTC

security constraint bug?

I have the following security constraint specified in my web.xml:

 

<security-constraint>

    <web-resource-collection>

        <web-resource-name>Customer Area</web-resource-name>

        <url-pattern>/customer/*</url-pattern>

    </web-resource-collection>

    <auth-constraint>

        <role-name>customer</role-name>

    </auth-constraint>

</security-constraint>

 

When I go to the following url it gets blocked.

 

http://phase.zapto.org:8282/customer.do

 

I'm assuming this is a bug. Is it not?

 

I'm using Tomcat 5.0.18

 

Brandon Goodin

Re: security constraint bug?

Posted by Bill Barker <wb...@wilshire.com>.

"Brandon Goodin" <ma...@phase.ws> wrote in message
news:200402230550.i1N5oWMP010515@gh-mail.centurytel.net...
> I have the following security constraint specified in my web.xml:
>
>
>
> <security-constraint>
>
>     <web-resource-collection>
>
>         <web-resource-name>Customer Area</web-resource-name>
>
>         <url-pattern>/customer/*</url-pattern>
>
>     </web-resource-collection>
>
>     <auth-constraint>
>
>         <role-name>customer</role-name>
>
>     </auth-constraint>
>
> </security-constraint>
>
>
>
> When I go to the following url it gets blocked.
>
>
>
> http://phase.zapto.org:8282/customer.do
>
>
>
> I'm assuming this is a bug. Is it not?
>

It's a bug, which is fixed in 5.0.19.

>
>
> I'm using Tomcat 5.0.18
>
>
>
> Brandon Goodin
>
>
>
>
>
>




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org