portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jian Liao" <jian.l...@gmail.com>
Subject Re: [jira] Commented: (JS2-496) J2 on tomcat 5.5.15: 403 returned to client browser when any user that doesn't have admin role attempts to log in
Date Fri, 24 Feb 2006 13:57:24 GMT
That is a bug in tomcat 5.5.12 and previous version. tomcat 5.5.15 fixed it,
but IMHO jetspeed 2 can not work with tomcat 5.5.15 because there is
something wrong in jetspeed.war/WEB-INF/web.xml.

On 2/24/06, Aaron Evans <aaronmevans@yahoo.ca> wrote:
>
> So this is a tomcat bug, right?
>
> -----Original Message-----
> From: Jian Liao (JIRA) [mailto:jetspeed-dev@portals.apache.org]
> Sent: Friday, February 17, 2006 12:35 AM
> To: aaronmevans@yahoo.ca
> Subject: [jira] Commented: (JS2-496) J2 on tomcat 5.5.15: 403 returned
> to client browser when any user that doesn't have admin role attempts to
> log in
>
>
>     [
> http://issues.apache.org/jira/browse/JS2-496?page=comments#action_12366753]
>
> Jian Liao commented on JS2-496:
> -------------------------------
>
> FYI, the following bug is related to this issue:
>
> 1. 37852: Fix regression where the magic role '*' was denying all access.
> Patch by xrcat (billbarker)
> 2. 15570: auth-constraint of * was interpretted as all authenticated users
> rather than as all roles defined in web.xml. (markt)
>
> Class: org.apache.catalina.realm.RealmBase, line 726 to 777.
> Link: http://tomcat.apache.org/tomcat-5.5-doc/changelog.html
>
>
> - Jian Liao
>
> > J2 on tomcat 5.5.15: 403 returned to client browser when any user that
> doesn't have admin role attempts to log in
> >
> -----------------------------------------------------------------------------------------------------------------
> >
> >          Key: JS2-496
> >          URL: http://issues.apache.org/jira/browse/JS2-496
> >      Project: Jetspeed 2
> >         Type: Bug
> >   Components: Security
> >     Versions: 2.0-FINAL
> >  Environment: Tomcat 5.5.15 (JDK 1.5, Apache 2, Fedora Core 3)
> >     Reporter: Aaron Evans
>
> >
> > When J2 is deployed on tomcat 5.5.15, whenever any user that does not
> have the admin role logs in, a 403 is returned for the URI
> /login/redirector.
> > This does not occur on earlier releases of tomcat (5.5.9 for example).
> > The user is in fact authenticated, for if you delete the
> /login/redirector from the URL in the browser and refresh, then the main
> page of the portal is shown and the user is authenticated.
>
> --
> This message is automatically generated by JIRA.
> -
> If you think it was sent incorrectly contact one of the administrators:
>    http://issues.apache.org/jira/secure/Administrators.jspa
> -
> For more information on JIRA, see:
>    http://www.atlassian.com/software/jira
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
>
>


--
thanks,
- Jian Liao

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message