Return-Path: Delivered-To: apmail-portals-jetspeed-dev-archive@www.apache.org Received: (qmail 78521 invoked from network); 27 Feb 2006 21:22:41 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 27 Feb 2006 21:22:41 -0000 Received: (qmail 88718 invoked by uid 500); 27 Feb 2006 21:22:39 -0000 Delivered-To: apmail-portals-jetspeed-dev-archive@portals.apache.org Received: (qmail 88671 invoked by uid 500); 27 Feb 2006 21:22:39 -0000 Mailing-List: contact jetspeed-dev-help@portals.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Jetspeed Developers List" Delivered-To: mailing list jetspeed-dev@portals.apache.org Received: (qmail 88655 invoked by uid 500); 27 Feb 2006 21:22:38 -0000 Delivered-To: apmail-jakarta-jetspeed-dev@jakarta.apache.org Received: (qmail 88642 invoked by uid 99); 27 Feb 2006 21:22:38 -0000 X-ASF-Spam-Status: No, hits=1.3 required=10.0 tests=SPF_FAIL X-Spam-Check-By: apache.org Received: from [192.87.106.226] (HELO ajax.apache.org) (192.87.106.226) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 27 Feb 2006 13:22:26 -0800 Received: from ajax.apache.org (ajax.apache.org [127.0.0.1]) by ajax.apache.org (Postfix) with ESMTP id BE92DDD for ; Mon, 27 Feb 2006 22:21:57 +0100 (CET) Message-ID: <2105909431.1141075317778.JavaMail.jira@ajax.apache.org> Date: Mon, 27 Feb 2006 22:21:57 +0100 (CET) From: "Brad Svee (JIRA)" To: jetspeed-dev@jakarta.apache.org Subject: [jira] Commented: (JS2-496) J2 on tomcat 5.5.15: 403 returned to client browser when any user that doesn't have admin role attempts to log in In-Reply-To: <1152505658.1139796597432.JavaMail.jira@ajax.apache.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N [ http://issues.apache.org/jira/browse/JS2-496?page=comments#action_12368030 ] Brad Svee commented on JS2-496: ------------------------------- adding the following to the web.xml inside the will take care of the problem in Tomcat 5.5.15, although adding roles through the UI will require a modification here manually:

manager

user

admin

> J2 on tomcat 5.5.15: 403 returned to client browser when any user that doesn't have admin role attempts to log in > ----------------------------------------------------------------------------------------------------------------- > > Key: JS2-496 > URL: http://issues.apache.org/jira/browse/JS2-496 > Project: Jetspeed 2 > Type: Bug > Components: Security > Versions: 2.0-FINAL > Environment: Tomcat 5.5.15 (JDK 1.5, Apache 2, Fedora Core 3) > Reporter: Aaron Evans > > When J2 is deployed on tomcat 5.5.15, whenever any user that does not have the admin role logs in, a 403 is returned for the URI /login/redirector. > This does not occur on earlier releases of tomcat (5.5.9 for example). > The user is in fact authenticated, for if you delete the /login/redirector from the URL in the browser and refresh, then the main page of the portal is shown and the user is authenticated. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org For additional commands, e-mail: jetspeed-dev-help@portals.apache.org