portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Sean Taylor (JIRA)" <jetspeed-...@portals.apache.org>
Subject [jira] Assigned: (JS2-526) JBoss web.xml entry for security-constraint login/redirector wont work under Tomcat
Date Thu, 12 Oct 2006 22:20:36 GMT
     [ http://issues.apache.org/jira/browse/JS2-526?page=all ]

David Sean Taylor reassigned JS2-526:
-------------------------------------

    Assignee: David Sean Taylor

> JBoss web.xml entry for security-constraint login/redirector wont work under Tomcat
> -----------------------------------------------------------------------------------
>
>                 Key: JS2-526
>                 URL: http://issues.apache.org/jira/browse/JS2-526
>             Project: Jetspeed 2
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 2.1-dev
>         Environment: Windows XP SP2, Tomcat 5.5.16, JBoss 4.0.4-CR2, Jetspeed-2.1-dev
(sources)
>            Reporter: Bruno Marti
>         Assigned To: David Sean Taylor
>            Priority: Minor
>             Fix For: 2.1-dev
>
>         Attachments: security.patch.txt
>
>
> I've built my own portal from the 2.1-dev sources.
> The installed portal works on Tomcat 5.5.16, but not on JBoss 4.0.4.
> Under JBoss I am receiving a HTTP-error 403 after the log-in submit.
> (seems like the same problem in Issue JS2-496: http://issues.apache.org/jira/browse/JS2-496)
> If I'm manually adding the following role-name in portal's web.xml, it works fine, on
both tomcat and jboss servers:
>   <role-name>*</role-name>
> here the new full constraint entry:
> ...
> 	<!-- Protect LogInRedirectory.jsp.  This will require a login when called -->
> 	<security-constraint>
> 		<web-resource-collection>
> 			<web-resource-name>Login</web-resource-name>
> 			<url-pattern>/login/redirector</url-pattern>
> 		</web-resource-collection>
> 		<auth-constraint>
> 			<!-- the required portal user role name defined in: -->
> 			<!-- /WEB-INF/assembly/security-atn.xml             -->
> 			<role-name>portal-user</role-name>
> 			<role-name>*</role-name>
> 		</auth-constraint>
> 	</security-constraint>
> ...
> Is this quite correct or do I have a security problem now?
> Or is there a bug in JBoss?

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message