You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Mark Thomas <ma...@apache.org> on 2006/06/03 01:10:02 UTC

Re: Realm Tag in webappnamecontext.xml

Marc Farrow wrote:
>  <auth-contraint/>

And there is the problem. An empty <auth-constraint> allows
unauthenticated access as per SRV.12.8.1

An empty <auth-constraint> is not the same as an <auth-constraint>
that specifies no roles and therefore denies access to all as per
SRV.12.8.1.


Mark

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Realm Tag in webappnamecontext.xml

Posted by Marc Farrow <ma...@gmail.com>.

Thanks Mark.  I did figure out my configuration problem!

On 6/2/06, Mark Thomas <ma...@apache.org> wrote:
>
> Marc Farrow wrote:
> >  <auth-contraint/>
>
> And there is the problem. An empty <auth-constraint> allows
> unauthenticated access as per SRV.12.8.1
>
> An empty <auth-constraint> is not the same as an <auth-constraint>
> that specifies no roles and therefore denies access to all as per
> SRV.12.8.1.
>
>
> Mark
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>


-- 
Marc Farrow