geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ray Clough <>
Subject Re: security constraint question
Date Sun, 27 Sep 2009 02:41:10 GMT

David, thanks for your reply,

I'm using Geronimo 2.1.4, the latest.  When you mention that you think it
works in 2.2, is that speaking of the future, or a typo?

Here is the a portion of the geronimo-application.xml file:

     		<web-app xmlns=""
    				xmlns:naming="" >

The security element is the same as in geronimo-web.xml which deploys
properly.  The security element in web.xml just prevents direct access to
the specified resources, and is:

		<auth-constraint> </auth-constraint>

I make no claims to understanding geronimo deployment descriptors in detail,
but this seems like this should work.  Am I missing something?

- Ray Clough

djencks wrote:
> Hi Ray, sorry for the delay.
> On Sep 19, 2009, at 5:35 PM, Ray Clough wrote:
>> In my web.xml file I have a security constraint which is intended  
>> simply to block direct access to the jsp, jspx, xhtml files  
>> directly. Here is the snippet from web.xml Unavailable_Raw_Pages  
>> RawPages *.xhtml *.jsp *.jspx *.tiles POST GET PUT DELETE Since no  
>> roles are defined, the content is completely blocked. When I deploy  
>> the app as a WAR file to geronimo, this works well.
> I'm quite surprised at this.  I would expect you would get the same  
> message as you get with an ear.
>> Now when I'm trying to deploy as an EAR, it won't deploy with  
>> message "web.xml for web app XXX.war includes security elements but  
>> Geronimo deployment plan is not provided or does not contain element  
>> necessary to configure security accordingly." I have tried various  
>> different contents in geronimo-application.xml, but I always get the  
>> same error. The app uses custom security, and I do not have any  
>> security realm defined on Geronimo. Can I do this, and if so, how?  
>> Thanks, - Ray Clough
> I'm pretty sure you need the <security/> element but I don't think you  
> need anything inside.  I don't recall if you need a security realm or  
> not.  As you say, you shouldn't really.  I think I remember making  
> this scenario work in 2.2 some time ago: it may not work in 2.1.x.
> I don't suppose you have a simple app to demonstrate the behavior?
> thanks
> david jencks
>> View this message in context: security constraint question
>> Sent from the Apache Geronimo - Users mailing list archive at  

View this message in context:
Sent from the Apache Geronimo - Users mailing list archive at

View raw message