geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From anita kulshreshtha <a_kuls...@yahoo.com>
Subject Re: [jira] Commented: (GERONIMO-1585) Web app security on /* causes deployment exception
Date Fri, 10 Feb 2006 03:05:06 GMT
Aaron,
    I have unit tested this on jetty and it is working
on tomcat-server. The change is too small for a patch.

Thanks
Anita

--- "Anita Kulshreshtha (JIRA)"
<dev@geronimo.apache.org> wrote:

>     [
>
http://issues.apache.org/jira/browse/GERONIMO-1585?page=comments#action_12365630
> ] 
> 
> Anita Kulshreshtha commented on GERONIMO-1585:
> ----------------------------------------------
> 
> Aaron could you please add a line pat = "/" as shown
> here in o.a.g.security.util.URLPattern and test if
> your app works.
> 
> public URLPattern(String pat) {
>         if (pat == null)
> t......................................
>         if (pat.length() == 0)
> ...............................................
> 
>         if (pat.equals("/") || pat.equals("/*")) {
>             type = DEFAULT;
>             pat = "/";                         
> <------------------------------        new line 
>  .     .}else
> ............................................
> 
> > Web app security on /* causes deployment exception
> > --------------------------------------------------
> >
> >          Key: GERONIMO-1585
> >          URL:
> http://issues.apache.org/jira/browse/GERONIMO-1585
> >      Project: Geronimo
> >         Type: Bug
> >   Components: web, security
> >     Versions: 1.0
> >  Environment: Geronimo 1.0 with Jetty
> >     Reporter: Aaron Mulder
> >     Priority: Critical
> >      Fix For: 1.0.1, 1.1
> 
> >
> > Deploying a web app with the following security
> block causes a deployment error:
> >     <security-constraint>
> >         <web-resource-collection>
> >             <web-resource-name>All
> Pages</web-resource-name>
> >             <url-pattern>/*</url-pattern>
> >             <http-method>GET</http-method>
> >             <http-method>POST</http-method>
> >             <http-method>PUT</http-method>
> >         </web-resource-collection>
> >         <auth-constraint>
> >             <role-name>User</role-name>
> >         </auth-constraint>
> >     </security-constraint>
> > Note this is essentially right out of the spec
> (see SRV.12.8.2 in the Servlet 2.4 spec).
> > The error is:
> >    
> org.apache.geronimo.common.DeploymentException:
> Unable to initialize webapp GBean
> >         at
>
org.apache.geronimo.jetty.deployment.JettyModuleBuilder.addGBeans(JettyModuleBuilder.java:842)
> >         ...
> >     Caused by: java.lang.IllegalArgumentException:
> Qualifier patterns in the URLPatternSpec cannot
> match the first URLPattern
> >         at
>
javax.security.jacc.URLPatternSpec.<init>(URLPatternSpec.java:54)
> >         at
>
javax.security.jacc.WebResourcePermission.<init>(WebResourcePermission.java:54)
> >         at
>
org.apache.geronimo.jetty.deployment.JettyModuleBuilder.buildSpecSecurityConfig(JettyModuleBuilder.java:1215)
> >         at
>
org.apache.geronimo.jetty.deployment.JettyModuleBuilder.addGBeans(JettyModuleBuilder.java:821)
> >         ... 70 more
> > Changing the url-pattern to / fixes the problem,
> but it seems to me that /* ought to work too.
> 
> -- 
> This message is automatically generated by JIRA.
> -
> If you think it was sent incorrectly contact one of
> the administrators:
>   
>
http://issues.apache.org/jira/secure/Administrators.jspa
> -
> For more information on JIRA, see:
>    http://www.atlassian.com/software/jira
> 
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Mime
View raw message