tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Craig McClanahan <Craig.McClana...@eng.sun.com>
Subject Re: Security checking cause extra path to context II
Date Fri, 21 Apr 2000 19:27:12 GMT
David Jian wrote:

> The problem comes from \web-inf\web.xml. Just using tomcat 3.1's  \examples
>  to repeate.
>
> When you use the web.xml from \examples\Web_Inf as:
>
> <security-constraint>
>       <web-resource-collection>
>          <web-resource-name>Protected Area</web-resource-name>
>          <!-- Define the context-relative URL(s) to be protected -->
>          <url-pattern>/jsp/security/protected/*</url-pattern>
>          <!-- If you list http methods, only those methods are protected -->
>          <http-method>DELETE</http-method>
>          <http-method>GET</http-method>
>          <http-method>POST</http-method>
>          <http-method>PUT</http-method>
>       </web-resource-collection>
>       <auth-constraint>
>          <!-- Anyone with one of the listed roles may access this area -->
>          <role-name>tomcat</role-name>
>          <role-name>role1</role-name>
>       </auth-constraint>
>     </security-constraint>
>
> If you try the url as http://youhost/examples/jsp/security/protected/,
> tomcat will pop up the login screen. After filling them, a subdirectories
> under \examples comes out. if you click hyperlink of serlvets, the url is:
>

Grumble ... it looks like some very recent fix for some other problem has
completely broken the container managed security.  There should not be a
directory displayed -- it's supposed to go to an "index.jsp" page that is
present in that directory, and this worked in 3.1rc1.

>
> http://issws306:8080/examples/jsp/security/protected/servlets/
>
> but the hyperlinks on index.html will not work.
>

This is an additional problem -- the hyperlinks are being created incorrectly
by the default servlet.

>
> In tomcat3.1 rc1, I don't have that problem. But after installed 4/18
> release. I got this issue.
>
> Any advice will be appreciated.
>
> DJ

This one is going to take some digging to figure out what happened.

Craig McClanahan



Mime
View raw message