You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Christian Cryder <ch...@granitepeaks.com> on 2002/02/08 23:08:47 UTC
security-constraint problems
Hi folks!
I'm observing a couple of problems with security-constraints, and I'd like
to know wether I'm encountering bugs in Tomcat or simply doing something
stupid. Here are the details: I have a constraint that is setup like this:
<security-constraint>
<web-resource-collection>
<web-resource-name>Test</web-resource-name>
<url-pattern>/servlet/HelloWorld</url-pattern>
<url-pattern>*.event</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>User</role-name>
</auth-constraint>
</security-constraint>
1. URL patterns with wildcards do not seem to be matching. For instance,
given a url of http://localhost:8080/MyApp/GoHome.event, when I use the
following url patterns, I do not get challenged:
<url-pattern>/*.event</url-pattern>
<url-pattern>*.event</url-pattern>
If I use the specific url, however:
<url-pattern>/GoHome.event</url-pattern>
then it does in fact work and I get prompted for user/pwd as expected. So my
question is, am I doing somethign wrong or is this in fact a bug?
2. When I try and access Tomcat directly on port 8080 using
http://localhost:8080/MyApp/servlet/HelloWorld, I get challenged as
expected. When I try to access the exact same URL through IIS using
http://localhost/MyApp/servlet/HelloWorld, I don't get challenged at all; I
just immediately get an access denied error message. If I remove the url
pattern for /servlet/HelloWorld, then I can access it just fine through IIS,
which tells me that the isapi redirection is working ok. Again, am I doing
something wrong, or is this a bug? Should role based authentication work
when integrating Tomcat with IIS?
Thanks,
Christian
----------------------------------------------
Christian Cryder [christianc@atmreports.com]
Internet Architect, ATMReports.com
Barracuda - http://barracuda.enhydra.org
----------------------------------------------
"What a great time to be a(n employed) Geek"
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>