David Jian wrote:
> The problem comes from \web-inf\web.xml. Just using tomcat 3.1's \examples
> to repeate.
>
> When you use the web.xml from \examples\Web_Inf as:
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Protected Area</web-resource-name>
> <!-- Define the context-relative URL(s) to be protected -->
> <url-pattern>/jsp/security/protected/*</url-pattern>
> <!-- If you list http methods, only those methods are protected -->
> <http-method>DELETE</http-method>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> </web-resource-collection>
> <auth-constraint>
> <!-- Anyone with one of the listed roles may access this area -->
> <role-name>tomcat</role-name>
> <role-name>role1</role-name>
> </auth-constraint>
> </security-constraint>
>
> If you try the url as http://youhost/examples/jsp/security/protected/,
> tomcat will pop up the login screen. After filling them, a subdirectories
> under \examples comes out. if you click hyperlink of serlvets, the url is:
>
Grumble ... it looks like some very recent fix for some other problem has
completely broken the container managed security. There should not be a
directory displayed -- it's supposed to go to an "index.jsp" page that is
present in that directory, and this worked in 3.1rc1.
>
> http://issws306:8080/examples/jsp/security/protected/servlets/
>
> but the hyperlinks on index.html will not work.
>
This is an additional problem -- the hyperlinks are being created incorrectly
by the default servlet.
>
> In tomcat3.1 rc1, I don't have that problem. But after installed 4/18
> release. I got this issue.
>
> Any advice will be appreciated.
>
> DJ
This one is going to take some digging to figure out what happened.
Craig McClanahan
|