You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by "David Sean Taylor (JIRA)" <je...@portals.apache.org> on 2006/10/13 00:20:36 UTC
[jira] Assigned: (JS2-526) JBoss web.xml entry for
security-constraint login/redirector wont work under Tomcat
[ http://issues.apache.org/jira/browse/JS2-526?page=all ]
David Sean Taylor reassigned JS2-526:
-------------------------------------
Assignee: David Sean Taylor
> JBoss web.xml entry for security-constraint login/redirector wont work under Tomcat
> -----------------------------------------------------------------------------------
>
> Key: JS2-526
> URL: http://issues.apache.org/jira/browse/JS2-526
> Project: Jetspeed 2
> Issue Type: Bug
> Components: Security
> Affects Versions: 2.1-dev
> Environment: Windows XP SP2, Tomcat 5.5.16, JBoss 4.0.4-CR2, Jetspeed-2.1-dev (sources)
> Reporter: Bruno Marti
> Assigned To: David Sean Taylor
> Priority: Minor
> Fix For: 2.1-dev
>
> Attachments: security.patch.txt
>
>
> I've built my own portal from the 2.1-dev sources.
> The installed portal works on Tomcat 5.5.16, but not on JBoss 4.0.4.
> Under JBoss I am receiving a HTTP-error 403 after the log-in submit.
> (seems like the same problem in Issue JS2-496: http://issues.apache.org/jira/browse/JS2-496)
> If I'm manually adding the following role-name in portal's web.xml, it works fine, on both tomcat and jboss servers:
> <role-name>*</role-name>
> here the new full constraint entry:
> ...
> <!-- Protect LogInRedirectory.jsp. This will require a login when called -->
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Login</web-resource-name>
> <url-pattern>/login/redirector</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <!-- the required portal user role name defined in: -->
> <!-- /WEB-INF/assembly/security-atn.xml -->
> <role-name>portal-user</role-name>
> <role-name>*</role-name>
> </auth-constraint>
> </security-constraint>
> ...
> Is this quite correct or do I have a security problem now?
> Or is there a bug in JBoss?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org