tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 49048] New: ACL not applied to redirect URLs
Date Mon, 05 Apr 2010 18:14:43 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=49048

           Summary: ACL not applied to redirect URLs
           Product: Tomcat Connectors
           Version: 1.2.28
          Platform: PC
        OS/Version: Windows Server 2003
            Status: NEW
          Severity: normal
          Priority: P2
         Component: isapi
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: joseph_lawson@sra.com


Directories intercepted by the isapi_redirect do not interpret the permissions
created in IIS directories.

To replicate this:

Configure the isapi_redirect as normal and make sure an application is being
fowarded such as /manager.  Create a directory in the IIS site with the same
name as the redirect URL listed in the uriworkermap.properties, like manager. 
Turn off anonymous access to the site to force basic authentication and apply
ACL restrictions on the /manager site such that access is restricted.  

Result:  The user is prompted for credentials but only parent directory
permissions are applied, not the specific directories rights.  Being that all
authentication is being handled by IIS, the directory permissions should be
applied as setup in IIS.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message