Return-Path: X-Original-To: apmail-tomcat-dev-archive@www.apache.org Delivered-To: apmail-tomcat-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 1C223DE78 for ; Tue, 13 Nov 2012 01:55:58 +0000 (UTC) Received: (qmail 51407 invoked by uid 500); 13 Nov 2012 01:55:57 -0000 Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org Received: (qmail 51347 invoked by uid 500); 13 Nov 2012 01:55:57 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 51338 invoked by uid 99); 13 Nov 2012 01:55:57 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Nov 2012 01:55:57 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.115] (HELO eir.zones.apache.org) (140.211.11.115) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Nov 2012 01:55:56 +0000 Received: by eir.zones.apache.org (Postfix, from userid 80) id 06214A8E5; Tue, 13 Nov 2012 01:55:36 +0000 (UTC) From: bugzilla@apache.org To: dev@tomcat.apache.org Subject: [Bug 54141] New: Configuration does not allow Realms to be nested more than 2 levels deep Date: Tue, 13 Nov 2012 01:55:35 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Tomcat 7 X-Bugzilla-Component: Catalina X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: chris@christopherschultz.net X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: dev@tomcat.apache.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Changed-Fields: priority bug_id assigned_to short_desc bug_severity classification op_sys reporter rep_platform bug_status version component product Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://issues.apache.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org https://issues.apache.org/bugzilla/show_bug.cgi?id=54141 Priority: P2 Bug ID: 54141 Assignee: dev@tomcat.apache.org Summary: Configuration does not allow Realms to be nested more than 2 levels deep Severity: normal Classification: Unclassified OS: Mac OS X 10.4 Reporter: chris@christopherschultz.net Hardware: PC Status: NEW Version: 7.0.32 Component: Catalina Product: Tomcat 7 The use case is to have one Realm that is configured for lock-out with another that is not: the two should be combined together. The obvious configuration attempt is this: Unfortunately, this configuration yields an error: No rules found matching 'Server/Service/Engine/Realm/Realm/Realm' org.apache.catalina.startup.RealmRuleSet.addRuleInstances only goes 2 levels deep when it comes to Realms (that is, only allows "Realm" and "Realm/Realm"). Adding a 3rd level would certainly work here and might be sufficient. Another option would be to configure the digester to allow arbitrary levels of Realm-nesting for even the most pathological cases. For reference, see this link to a question over on StackOverflow: http://stackoverflow.com/questions/13274696/tomcat-7-nesting-combinedrealm-lockoutrealm-and-datasourcerealm -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org