Posted to cactus-dev@jakarta.apache.org by Vincent Massol <vm...@pivolis.com> on 2003/05/23 21:19:06 UTC

Tests involving security checks and the new Cactus/Ant integration

Hi,

In our previous Ant integration we were bundling the security mappings
in the cactus-provided web.xml file (which was merged to the user's
web.xml file).

With our new strategy, I don't think it makes sense to do that
anymore... and it seems it is not done from what I've seen (Chris,
correct me if I'm wrong here).

However, I've noticed we were packaging some container config files
related to security, such as Tomcat's tomcat-users.xml, etc.

Shouldn't we remove these files from the ant integration packaging?

Other related questions:

- Shouldn't we also provide default security-protected redirectors, in
addition to the default non-protected ones so that tests that need
security can use the WebRequest.setRedirectorName() API?

- Or, if not, how do we allow users to secure the redirectors?

Thanks
-Vincent


---------------------------------------------------------------------
To unsubscribe, e-mail: cactus-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: cactus-dev-help@jakarta.apache.org


Re: Tests involving security checks and the new Cactus/Ant integration

Posted by Christopher Lenz <cm...@gmx.de>.
Vincent Massol wrote:
> Hi,
> 
> In our previous Ant integration we were bundling the security mappings
> in the cactus-provided web.xml file (which was merged to the user's
> web.xml file).
> 
> With our new strategy, I don't think it makes sense to do that
> anymore... and it seems it is not done from what I've seen (Chris,
> correct me if I'm wrong here).

The web.xml file is bundled with the servlet-sample now. It contains 
stuff like the security constraints and the custom init-parameters for 
the redirectors. These definitions get merged into the cactified WAR due 
to the 'mergewebxml' attribute of the <cactifywar> task.

> However, I've noticed we were packaging some container config files
> related to security, such as Tomcat's tomcat-users.xml, etc.
> 
> Shouldn't we remove these files from the ant integration packaging?

Actually, I'd like to. But then we need to provide good alternatives.

> Other related questions:
> 
> - Shouldn't we also provide default security-protected redirectors, in
> addition to the default non-protected ones so that tests that need
> security can use the WebRequest.setRedirectorName() API?
> 
> - Or, if not, how do we allow users to secure the redirectors?

See above. This should be possible by using the 'mergewebxml' attribute 
of <cactifywar> to specify security-constraints for the redirectors.

However, we should probably provide better support for non-trivial 
configurations in <cactifywar>. Ideas welcome :-)

-- 
Christopher Lenz
/=/ cmlenz at gmx.de
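
Added illustration, not part of the original messages or of the Cactus distribution: a web.xml fragment of the kind that could be handed to <cactifywar> through the 'mergewebxml' attribute to put a security constraint on a redirector. The servlet name, URL pattern, role name and realm name are assumptions chosen for the example.

```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
<!-- Constructed fragment for mergewebxml; all names below are assumptions. -->
<web-app>

  <!-- A second redirector instance, mapped to its own URL so that it can be
       protected without touching the default, unprotected redirector. -->
  <servlet>
    <servlet-name>ServletRedirectorSecure</servlet-name>
    <servlet-class>org.apache.cactus.server.ServletTestRedirector</servlet-class>
  </servlet>

  <servlet-mapping>
    <servlet-name>ServletRedirectorSecure</servlet-name>
    <url-pattern>/ServletRedirectorSecure</url-pattern>
  </servlet-mapping>

  <!-- Only authenticated users in the "test" role may reach the redirector. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Secured Cactus redirector</web-resource-name>
      <!-- No http-method element: the constraint covers every HTTP method. -->
      <url-pattern>/ServletRedirectorSecure</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>test</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Cactus test realm</realm-name>
  </login-config>

  <security-role>
    <role-name>test</role-name>
  </security-role>

</web-app>
```

A test would select this redirector with WebRequest.setRedirectorName("ServletRedirectorSecure"). The container still needs a user holding the "test" role in its own realm configuration (for Tomcat, tomcat-users.xml), which is the container-specific part the thread discusses.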


