auth-constraint in web.xml in tomcat 5.5.15
- From: Mark Thomas <markt (at) apache.org>
- Date: Fri, 03 Feb 2006 17:54:35 +0000
Oliver Kohll wrote:
> Hi,
>
> I have security for a web application managed by a DataSource database
> realm. Using tomcat 5.5.14 this works fine but in 5.5.15 there seems to
> be a problem.
> The problem seems to be the <role-name>*</role-name> line. If I put a
> specific role in, users in that role can log in but the * wildcard
> doesn't work. A 403 HTTP rejection is issued if the user inputs a
> correct username and password (if they put in the wrong username/
> password, it prompts again as expected). As users themselves can add
> roles to the database, I don't know what the roles may be so I have to
> use the wildcard.
The special role "*" means all roles specified in web.xml. It does not
mean all roles specified in the realm nor does it mean all
authenticated users.
The fix for 15570 was to correctly handle "*". It used to be
interpreted as all authenticated users. It is now correctly
interpreted as all roles defined in web.xml.
Mark
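
An added example, not part of the original message and not Tomcat's own code: a Python check that reads a constructed web.xml and evaluates the "*" expansion described in the reply, next to the earlier any-authenticated-user behaviour. The role names `staff`, `admin` and `self-added`, the helper names, and the single security-constraint in the descriptor are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from the original post).
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>app</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role><role-name>staff</role-name></security-role>
  <security-role><role-name>admin</role-name></security-role>
</web-app>"""

def _local(tag):
    # Drop the "{namespace}" prefix ElementTree puts on tag names.
    return tag.rsplit("}", 1)[-1]

def _role_names(root, parent):
    """Trimmed <role-name> values directly under every <parent> element."""
    return {(rn.text or "").strip()
            for el in root.iter() if _local(el.tag) == parent
            for rn in el if _local(rn.tag) == "role-name"}

def allowed_roles(web_xml):
    """Roles the auth-constraint admits, with "*" expanded to declared roles."""
    root = ET.fromstring(web_xml)
    declared = _role_names(root, "security-role")
    listed = _role_names(root, "auth-constraint")
    if "*" in listed:
        listed = (listed - {"*"}) | declared
    return listed

def is_permitted(user_roles, web_xml, pre_fix=False):
    """pre_fix=True models the old reading: "*" admitted any authenticated user."""
    root = ET.fromstring(web_xml)
    if pre_fix and "*" in _role_names(root, "auth-constraint"):
        return True
    return bool(set(user_roles) & allowed_roles(web_xml))

if __name__ == "__main__":
    print(sorted(allowed_roles(WEB_XML)))
    # A realm role that is not declared in web.xml (constructed name).
    print(is_permitted({"self-added"}, WEB_XML))
    print(is_permitted({"self-added"}, WEB_XML, pre_fix=True))
```

A user whose only realm role is absent from the `<security-role>` declarations authenticates successfully but fails the role check, which matches the 403 reported in the quoted message.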