tomcat-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 9023] New: - Servlet Container does not convert the roles, which were specified in the Element <security-role-ref>
Date Mon, 13 May 2002 09:29:15 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9023>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9023

           Summary: Servlet Container does not convert the roles, which
                    were specified in the Element <security-role-ref>
           Product: Tomcat 4
           Version: 4.0.1 Final
          Platform: PC
        OS/Version: Windows NT/2K
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Servlet & JSP API
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: markus.ide@ejbguru.de


The Tomcat Servlet Container does not convert the roles which were specified 
in the element <security-role-ref>.
The following test scenario could be used to detect the error.

1.) Insert the JSP test.jsp into a web archive
2.) Modify the deployment descriptor as shown
3.) Start the Tomcat server
4.) Request the JSP and log in as tomcat/tomcat or both/tomcat. The output is 
always false for the method isUserInRole.


----------------------------------------------------------------------------
JSP Testfile: 'test.jsp'
----------------------------------------------------------------------------
<html>
  <head>
    <title>test</title>
  </head>
  <body>
    <p>
      User is in referenced roleAlias1? 
      <%= request.isUserInRole("roleAlias1") %>
    </p>
    <p>
      User is in referenced roleAlias2? 
      <%= request.isUserInRole("roleAlias2") %>
    </p>
  </body>
</html>


-----------------------------------------------------------------------------
WEB.XML:
-----------------------------------------------------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
  <servlet>
    <servlet-name>RoleReference</servlet-name>
    <jsp-file>/test.jsp</jsp-file>
    <security-role-ref>
      <role-name>roleAlias1</role-name>
      <role-link>role1</role-link>
    </security-role-ref>
    <security-role-ref>
      <role-name>roleAlias2</role-name>
      <role-link>tomcat</role-link>
    </security-role-ref>
  </servlet>
  <security-constraint>
    <display-name>test</display-name>
    <web-resource-collection>
      <web-resource-name>Collection1</web-resource-name>
      <url-pattern>/test.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>tomcat</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>default</realm-name>
  </login-config>
  <security-role>
    <role-name>role1</role-name>
  </security-role>
  <security-role>
    <role-name>tomcat</role-name>
  </security-role>
</web-app>

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>
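
An added example (not part of the bug report and not Tomcat code): a small Python model of the lookup the Servlet 2.3 specification defines for isUserInRole with <security-role-ref>, run over a trimmed, constructed copy of the descriptor above. The role sets assigned to the two logins and all function names are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the role-related elements of the web.xml in the report.
WEB_XML = """<web-app>
  <servlet>
    <servlet-name>RoleReference</servlet-name>
    <jsp-file>/test.jsp</jsp-file>
    <security-role-ref><role-name>roleAlias1</role-name><role-link>role1</role-link></security-role-ref>
    <security-role-ref><role-name>roleAlias2</role-name><role-link>tomcat</role-link></security-role-ref>
  </servlet>
  <security-role><role-name>role1</role-name></security-role>
  <security-role><role-name>tomcat</role-name></security-role>
</web-app>"""

# Assumption: role sets for the two logins named in the report.
USERS = {"tomcat": {"tomcat"}, "both": {"tomcat", "role1"}}


def load_descriptor(xml_text):
    """Return (declared security roles, {servlet-name: {alias: role-link}})."""
    root = ET.fromstring(xml_text)
    declared = {r.findtext("role-name").strip() for r in root.findall("security-role")}
    refs = {}
    for servlet in root.findall("servlet"):
        name = servlet.findtext("servlet-name").strip()
        refs[name] = {ref.findtext("role-name").strip(): ref.findtext("role-link").strip()
                      for ref in servlet.findall("security-role-ref")}
    return declared, refs


def is_user_in_role(queried, servlet_name, user_roles, declared, refs):
    """Model of the specified lookup: translate the queried name through the
    calling servlet's security-role-ref entries; if none matches, test the
    name itself against the declared security-role list."""
    role = refs.get(servlet_name, {}).get(queried, queried)
    return role in declared and role in user_roles


def dangling_links(declared, refs):
    """role-link values that name no declared security-role (descriptor error)."""
    return sorted((s, alias, link) for s, m in refs.items()
                  for alias, link in m.items() if link not in declared)


if __name__ == "__main__":
    declared, refs = load_descriptor(WEB_XML)
    for user, roles in USERS.items():
        for alias in ("roleAlias1", "roleAlias2"):
            print(user, alias, is_user_in_role(alias, "RoleReference", roles, declared, refs))
    print("dangling role-links:", dangling_links(declared, refs))
```

The alias table is kept per servlet, so the same call made from a servlet that declares no matching <security-role-ref> is tested against the declared role names directly.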

