You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Igor Fedulov <if...@outlook.net> on 2002/02/05 21:31:07 UTC
Is it a BUG? (Tomcat Web Server v3.2 (final))
Hello All:
I'm new to this list, so please forgive me if I post something which was
posted before. I tried to search
http://www.mail-archive.com/tomcat-user@jakarta.apache.org/ and come up
with nothing.
Environment:
1. Netbeans 3.3.1 with built in Tomcat 3.2 server
2. web.xml fragment:
<security-constraint>
<web-resource-collection>
<web-resource-name>SecurePages</web-resource-name>
<description>Security constraint for resources in
the secure directory</description>
<url-pattern>/secure/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<description>only let the system user login
</description>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<description>SSL not required</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/LoginForm.html</form-login-page>
<form-error-page>/LoginError.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>Admin ROLE</description>
<role-name>admin</role-name>
</security-role>
3. Problem:
a. request such as http://localhost:8080/secure getting routed to
/LoginForm.html as described in web.xml which is cool and what I want.
b. request such as http://localhost:8080//secure returns directory
listing of secure directory without auth...
If this is fixed or known bug please let me know.
Thanks!
--
Best regards,
--
HTTP is a stateless protocol, and the Internet is a stateless development
environment
--
Igor Fedulov
E-mail : ifedulov@outlook.net
Work Ph: 773.775.1595
Home Ph: 773.281.8938
Cell Ph: 773.580.5935
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>