jakarta-cactus-user mailing list archives

From Matt Raible <m...@raibledesigns.com>
Subject servletredirector and roles attributes - doesn't add the ones from web.xml
Date Thu, 08 Jan 2004 14:08:57 GMT
I have two roles in my application - user and admin.  If I have 
roles="user,admin" on my <servletredirector> in my <cactifywar> task, 
everything works as expected.  If I remove them, I expect the ones in 
my web.xml file to be used - only because the documentation says so:

roles
A comma-separated list of role names which will be granted access to 
the redirector. If this attribute is omitted, access to the redirector 
will not be constrained. Unless the roles are already defined in the 
deployment descriptor, they will be added automatically.

So maybe the documentation should be changed?

Here's the relevant section from my web.xml:

    <!-- Restrict all users from accessing *.do -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>My Application</web-resource-name>
            <description>Require users to authenticate</description>
            <url-pattern>*.do</url-pattern>
            <http-method>POST</http-method>
            <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description>Define who can access this url-pattern</description>
            <role-name>admin</role-name>
            <role-name>user</role-name>
        </auth-constraint>
        <user-data-constraint>
            <description>
                Encryption is not required for the application in general.
            </description>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <!-- Login Configuration -->
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/security/login.jsp</form-login-page>
            <form-error-page>/security/login.jsp?error=true</form-error-page>
        </form-login-config>
    </login-config>

    <!-- The admin role -->
    <security-role>
        <description>Administrator role (can edit Users)</description>
        <role-name>admin</role-name>
    </security-role>
    <!-- The tomcat role -->
    <security-role>
        <description>Default Role for All Users</description>
        <role-name>user</role-name>
    </security-role>

Thanks,

Matt
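
Added example (not part of the message above and not Cactus code): a small Python check that reads a web.xml and reports which roles, if any, constrain a given path, showing that the posted `*.do` constraint does not cover a redirector mapped elsewhere. The redirector mapping `/ServletRedirector` and the path `/editUser.do` are assumptions, and the descriptor is a constructed sample reduced from the one posted.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint posted above, reduced to a minimal <web-app>.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>*.do</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
      <role-name>user</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>"""

REDIRECTOR_PATH = "/ServletRedirector"  # assumption: mapping is not given in the message

def pattern_matches(pattern, path):
    """Servlet url-pattern rules: exact, '/prefix/*', '*.ext', and the default '/'."""
    if pattern in (path, "/"):
        return True
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return False

def roles_constraining(web_xml, path, method="GET"):
    """Roles required for path/method, or None when no auth-constraint covers it."""
    root = ET.fromstring(web_xml)
    for el in root.iter():  # drop any XML namespace so 2.3 and 2.4+ descriptors both work
        el.tag = el.tag.rsplit("}", 1)[-1]
    roles, covered = set(), False
    for sc in root.iter("security-constraint"):
        if sc.find("auth-constraint") is None:
            continue  # constraint without auth-constraint demands no role
        for wrc in sc.iter("web-resource-collection"):
            methods = [(m.text or "").strip() for m in wrc.iter("http-method")]
            if methods and method not in methods:
                continue  # collection lists methods and this one is not among them
            if any(pattern_matches((p.text or "").strip(), path) for p in wrc.iter("url-pattern")):
                covered = True
                roles.update((r.text or "").strip() for r in sc.iter("role-name"))
    return roles if covered else None

if __name__ == "__main__":
    for p in (REDIRECTOR_PATH, "/editUser.do"):
        print(p, "->", roles_constraining(WEB_XML, p))
```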
