geronimo-user mailing list archives

From David Jencks
Subject Re: security constraint question
Date Tue, 22 Sep 2009 07:28:34 GMT
Hi Ray, sorry for the delay.

On Sep 19, 2009, at 5:35 PM, Ray Clough wrote:

> In my web.xml file I have a security constraint which is intended
> simply to block direct access to the jsp, jspx, xhtml files
> directly. Here is the snippet from web.xml:
>
> Unavailable_Raw_Pages RawPages *.xhtml *.jsp *.jspx *.tiles POST GET PUT DELETE
>
> Since no roles are defined, the content is completely blocked. When I deploy
> the app as a WAR file to geronimo, this works well.

I'm quite surprised at this.  I would expect you would get the same  
message as you get with an ear.

> Now when I'm trying to deploy as an EAR, it won't deploy with
> message "web.xml for web app XXX.war includes security elements but
> Geronimo deployment plan is not provided or does not contain element
> necessary to configure security accordingly." I have tried various
> different contents in geronimo-application.xml, but I always get the
> same error. The app uses custom security, and I do not have any
> security realm defined on Geronimo. Can I do this, and if so, how?
>
> Thanks,
> - Ray Clough

I'm pretty sure you need the <security/> element but I don't think you  
need anything inside.  I don't recall if you need a security realm or  
not.  As you say, you shouldn't really.  I think I remember making  
this scenario work in 2.2 some time ago: it may not work in 2.1.x.

I don't suppose you have a simple app to demonstrate the behavior?

david jencks
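
Added example, not part of either message and not Geronimo code: a Python check of the constraint Ray describes, reporting whether it is deny-all (an empty `auth-constraint`) and which standard HTTP methods fall outside it, since a constraint that lists `http-method` elements applies only to the methods listed. The descriptor is constructed: the names, patterns and methods come from the quoted message, but its tags were lost in the archive, so the element layout is assumed from the Servlet deployment descriptor schema.

```python
import xml.etree.ElementTree as ET
STANDARD_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"}

# Constructed descriptor: names, patterns and methods are from the quoted
# message; the element layout is assumed from the Servlet 2.5 schema.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <display-name>Unavailable_Raw_Pages</display-name>
    <web-resource-collection>
      <web-resource-name>RawPages</web-resource-name>
      <url-pattern>*.xhtml</url-pattern>
      <url-pattern>*.jsp</url-pattern>
      <url-pattern>*.jspx</url-pattern>
      <url-pattern>*.tiles</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
</web-app>"""

def _find(elem, name):  # descendants by local tag name, namespace ignored
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _texts(elem, name):
    return [e.text.strip() for e in _find(elem, name) if e.text and e.text.strip()]

def audit_constraints(xml_text):
    findings = []
    for sc in _find(ET.fromstring(xml_text), "security-constraint"):
        roles = _texts(sc, "role-name")
        if not _find(sc, "auth-constraint"):
            access = "unrestricted"      # no auth-constraint: anyone may access
        elif not roles:
            access = "deny-all"          # empty auth-constraint: nobody may access
        else:
            access = "roles:" + ",".join(roles)
        for wrc in _find(sc, "web-resource-collection"):
            listed = {m.upper() for m in _texts(wrc, "http-method")}
            findings.append({
                "name": " ".join(_texts(wrc, "web-resource-name")),
                "patterns": _texts(wrc, "url-pattern"),
                "access": access,
                # Listing methods limits the constraint to those methods only.
                "uncovered_methods": sorted(STANDARD_METHODS - listed) if listed else [],
            })
    return findings
```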
