geronimo-dev mailing list archives

From "Vamsavardhana Reddy" <c1vams...@gmail.com>
Subject Problem deploying web applications that have security-constraints in web.xml but use no authentication and security roles
Date Sun, 06 Aug 2006 06:09:33 GMT
Hi,

I have a web application that has the following security-constraint in the
web.xml

   <security-constraint>
     <web-resource-collection>
       <web-resource-name>Secure</web-resource-name>
       <url-pattern>/secure/AuthorizationServlet</url-pattern>
     </web-resource-collection>
     <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
     </user-data-constraint>
   </security-constraint>

My application does not use any security roles and does not authenticate
against any security realm.  All this security-constraint does is that the
requests are forwarded to HTTPS port (enabled for ClientAuth) and the
application uses Client Certificates for authorization.  In G1.0, I could
deploy this application without using a geronimo-web.xml and the application
runs fine.

G1.1 does not allow me to deploy this application without a deployment
plan.  Even with a deployment plan, G1.1 comes back with errors that there
are no security elements in the deployment plan.  The following messages are
displayed in the console.

Deployer operation failed: web.xml for web app tutorial/cert-auth-sample/1.0/war includes security elements but Geronimo deployment plan is not provided or does not contain <security-realm-name> element necessary to configure security accordingly.
org.apache.geronimo.common.DeploymentException: web.xml for web app tutorial/cert-auth-sample/1.0/war includes security elements but Geronimo deployment plan is not provided or does not contain <security-realm-name> element necessary to configure security accordingly.

Clearly, I cannot put any security-realm-name and role-mapping elements in
geronimo-web.xml.  If I put a security-realm-name tag and/or role-mappings
to get past the deployment, access to the resource will be denied since I
have not put any auth-constraint tags in web.xml.

Any suggestions on how to get past this problem?  Or is this a bug in G1.1?

Thanks and regards,
Vamsi
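
An added example (not part of the original message and not Geronimo code): a Python check that classifies each security-constraint in a web.xml as transport-only, role-protected or deny-all, and reports whether anything in the descriptor calls for a security realm. The `needs_realm` rule (a login-config or a role-bearing auth-constraint) is an assumption for illustration, not the deployer's logic; the sample descriptor is constructed from the constraint quoted above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from the message inside a minimal web-app root.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Secure</web-resource-name>
      <url-pattern>/secure/AuthorizationServlet</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""


def local(tag):
    """Strip the XML namespace so DTD-based and schema-based descriptors both work."""
    return tag.rsplit("}", 1)[-1]


def find_all(elem, name):
    return [e for e in elem.iter() if local(e.tag) == name]


def classify_constraints(web_xml_text):
    """Return (constraints, needs_realm) for a web.xml document you trust."""
    root = ET.fromstring(web_xml_text)
    results = []
    for sc in find_all(root, "security-constraint"):
        patterns = [e.text.strip() for e in find_all(sc, "url-pattern") if e.text]
        tg = find_all(sc, "transport-guarantee")
        guarantee = tg[0].text.strip() if tg and tg[0].text else "NONE"
        auth = find_all(sc, "auth-constraint")
        roles = [e.text.strip() for a in auth for e in find_all(a, "role-name") if e.text]
        if not auth:
            # No auth-constraint: no authentication is required for these URLs.
            kind = "transport-only" if guarantee != "NONE" else "unconstrained"
        elif not roles:
            # An auth-constraint naming no roles denies all access.
            kind = "deny-all"
        else:
            kind = "role-protected"
        results.append({"patterns": patterns, "transport": guarantee,
                        "kind": kind, "roles": roles})
    # Assumption: a realm is only needed when a caller must be authenticated.
    needs_realm = bool(find_all(root, "login-config")) or any(
        r["kind"] == "role-protected" for r in results)
    return results, needs_realm
```

For the descriptor in the message this returns one `transport-only` constraint and `needs_realm` of `False`.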
