Posted to dev@tomcat.apache.org by bu...@apache.org on 2002/05/13 11:29:15 UTC

DO NOT REPLY [Bug 9023] New: - Servlet Container does not convert the roles, which were specified in the Element

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9023

           Summary: Servlet Container does not convert the roles, which
                    were specified in the Element <security-role-ref>
           Product: Tomcat 4
           Version: 4.0.1 Final
          Platform: PC
        OS/Version: Windows NT/2K
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Servlet & JSP API
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: markus.ide@ejbguru.de


The Tomcat Servlet Container does not convert the roles which were specified 
in the Element <security-role-ref>.
The following test scenario could be used to detect the error.

1.) Insert the JSP test.jsp in a web archive
2.) Modify the deployment descriptor as shown
3.) Start the Tomcat server
4.) Request the JSP and log in as tomcat/tomcat or both/tomcat. The output is 
always false for the method isUserInRole.


----------------------------------------------------------------------------
JSP Testfile: 'test.jsp'
----------------------------------------------------------------------------
<html>
  <head>
    <title>test</title>
  </head>
  <body>
    <p>
      User is in referenced roleAlias1? 
      <%= request.isUserInRole("roleAlias1") %>
    </p>
    <p>
      User is in referenced roleAlias2? 
      <%= request.isUserInRole("roleAlias2") %>
    </p>
  </body>
</html>


-----------------------------------------------------------------------------
WEB.XML:
-----------------------------------------------------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
  <servlet>
    <servlet-name>RoleReference</servlet-name>
    <jsp-file>/test.jsp</jsp-file>
    <security-role-ref>
      <role-name>roleAlias1</role-name>
      <role-link>role1</role-link>
    </security-role-ref>
    <security-role-ref>
      <role-name>roleAlias2</role-name>
      <role-link>tomcat</role-link>
    </security-role-ref>
  </servlet>
  <security-constraint>
    <display-name>test</display-name>
    <web-resource-collection>
      <web-resource-name>Collection1</web-resource-name>
      <url-pattern>/test.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>tomcat</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>default</realm-name>
  </login-config>
  <security-role>
    <role-name>role1</role-name>
  </security-role>
  <security-role>
    <role-name>tomcat</role-name>
  </security-role>
</web-app>
