tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robin Green" <gree...@hotmail.com>
Subject Two authentication bugs
Date Wed, 03 May 2000 16:56:32 GMT
My configuration is

Tomcat 3.1
Cocoon 1.7.1-dev
Solaris 7

I have set up two BASIC authentication zones for development purposes in 
build/tomcat/conf/web.xml as follows:

    <security-constraint>
      <web-resource-collection>
         <web-resource-name>Administrator Area</web-resource-name>
         <!-- Define the context-relative URL(s) to be protected -->
         <url-pattern>/admin/*</url-pattern>
     </web-resource-collection>
      <auth-constraint>
         <!-- Anyone with one of the listed roles may access this area -->
         <role-name>admin</role-name>
      </auth-constraint>
    </security-constraint>

    <security-constraint>
      <web-resource-collection>
         <web-resource-name>Members Area</web-resource-name>
         <!-- Define the context-relative URL(s) to be protected -->
         <url-pattern>/users/*</url-pattern>
     </web-resource-collection>
      <auth-constraint>
         <!-- Anyone with one of the listed roles may access this area -->
         <role-name>admin</role-name>
         <role-name>user</role-name>
      </auth-constraint>
    </security-constraint>

The relevant context from server2.xml is

        <Context path="/fyp" docBase="/home/ufs1/12/greenrd/fyp/public"
         debug="1"
         reloadable="true" />

However, when I log in correctly:

Bug 1: the servlet mapping which states that *.xml files are to be handled 
by Cocoon is broken inside these security zones (but not outside). Instead 
it returns the .xml file directly to Internet Explorer.

Bug 2: http://myhost/fyp/users/foobar.xml causes Tomcat to fetch 
~/fyp/public/foobar.xml not ~/fyp/public/users/foobar.xml as it should. So I 
tried http://myhost/fyp/users/users/ and this gave me a directory listing 
starting with

Directory Listing for: /fyp/users/users/
Up to: /fyp/users


which is _actually_ a directory listing for ~/fyp/public/users (it should 
have 404ed). Clearly the path for the zone is being stripped from the URI, 
which makes no sense. ( ~ indicates my home dir, /home/ufs1/12/greenrd ).

There are no operating-system symbolic links involved. There is no WEB-INF 
directory under ~/fyp/public . If I create one and copy web.xml to 
~/fyp/public/WEB-INF and restart tomcat, same two bugs occur.

I really don't want to reorganise all my links to work around this bug. 
Suggestions?

--
Robin

270+ Open Source Java links! 
http://directory.mozilla.org/Computers/Programming/Languages/Java/Open_Source/

________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com


Mime
View raw message