Posted to users@tomcat.apache.org by Christian Cryder <ch...@granitepeaks.com> on 2002/02/08 23:08:47 UTC

security-constraint problems

Hi folks!

I'm observing a couple of problems with security-constraints, and I'd like
to know whether I'm encountering bugs in Tomcat or simply doing something
stupid. Here are the details: I have a constraint that is set up like this:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Test</web-resource-name>
        <url-pattern>/servlet/HelloWorld</url-pattern>
        <url-pattern>*.event</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>User</role-name>
      </auth-constraint>
    </security-constraint>

1. URL patterns with wildcards do not seem to be matching. For instance,
given a url of http://localhost:8080/MyApp/GoHome.event, when I use the
following url patterns, I do not get challenged:
        <url-pattern>/*.event</url-pattern>
        <url-pattern>*.event</url-pattern>
If I use the specific url, however:
        <url-pattern>/GoHome.event</url-pattern>
then it does in fact work and I get prompted for user/pwd as expected. So my
question is, am I doing something wrong or is this in fact a bug?

2. When I try and access Tomcat directly on port 8080 using
http://localhost:8080/MyApp/servlet/HelloWorld, I get challenged as
expected. When I try to access the exact same URL through IIS using
http://localhost/MyApp/servlet/HelloWorld, I don't get challenged at all; I
just immediately get an access denied error message. If I remove the url
pattern for /servlet/HelloWorld, then I can access it just fine through IIS,
which tells me that the isapi redirection is working ok. Again, am I doing
something wrong, or is this a bug? Should role based authentication work
when integrating Tomcat with IIS?

Thanks,
Christian
----------------------------------------------
Christian Cryder [christianc@atmreports.com]
Internet Architect, ATMReports.com
Barracuda - http://barracuda.enhydra.org
----------------------------------------------
 "What a great time to be a(n employed) Geek"
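
The pattern forms tried in question 1, classified the way the Servlet specification defines `<url-pattern>` syntax. This is an added example, not part of the original post and not Tomcat's code; it models the specification's rules rather than any particular Tomcat release, and the function names and the `/index.html` sample path are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def classify(pattern):
    """Return how the Servlet specification interprets a <url-pattern> string."""
    if pattern.startswith("/") and pattern.endswith("/*"):
        return "path-prefix"      # e.g. /servlet/*
    if pattern.startswith("*."):
        return "extension"        # e.g. *.event
    if pattern == "/":
        return "default"
    return "exact"                # everything else, including /*.event

def matches(pattern, path):
    """True if the context-relative request path is covered by the pattern."""
    kind = classify(pattern)
    if kind == "path-prefix":
        prefix = pattern[:-2]     # "/servlet/*" -> "/servlet"
        return path == prefix or path.startswith(prefix + "/")
    if kind == "extension":
        # Compare the suffix of the last path segment with ".ext"
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    if kind == "default":
        return True               # simplification: treated as a catch-all here
    return path == pattern        # exact: '*' has no wildcard meaning

def context_relative(url, context_path):
    """Strip scheme, host and context path; patterns apply to what is left."""
    path = urlsplit(url).path
    if path != context_path and not path.startswith(context_path + "/"):
        raise ValueError(f"{url} is not under context {context_path}")
    return path[len(context_path):]

def unprotected(paths, patterns):
    """Paths that no pattern of the constraint covers (served without a challenge)."""
    return [p for p in paths if not any(matches(pat, p) for pat in patterns)]

if __name__ == "__main__":
    # URL and patterns taken from the post; /MyApp is the context path.
    path = context_relative("http://localhost:8080/MyApp/GoHome.event", "/MyApp")
    for pat in ("/*.event", "*.event", "/GoHome.event"):
        print(f"{pat:15} {classify(pat):12} covers {path}: {matches(pat, path)}")
```

Running `unprotected()` over an application's known paths before deployment shows which resources a constraint leaves open when a pattern such as `/*.event` is read as an exact string rather than a wildcard.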

