tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Larry Isaacs <Larry.Isa...@sas.com>
Subject RE: Is it a BUG? (Tomcat Web Server v3.2 (final))
Date Tue, 05 Feb 2002 20:33:47 GMT
This is a known bug in 3.2 and 3.2.1.  I think it was fixed
in Tomcat 3.2.2.  It is not a problem in Tomcat 3.3 and
Tomcat 4.x versions as well.

Cheers,
Larry

> -----Original Message-----
> From: Igor Fedulov [mailto:ifedulov@outlook.net]
> Sent: Tuesday, February 05, 2002 3:31 PM
> To: tomcat-user@jakarta.apache.org
> Subject: Is it a BUG? (Tomcat Web Server v3.2 (final))
> 
> 
> 
> Hello All:
> 
> I'm new to this list, so please forgive me if I post 
> something which was
> posted before. I tried to search
> http://www.mail-archive.com/tomcat-user@jakarta.apache.org/ 
> and come up
> with nothing.
> 
> Environment:
> 1. Netbeans 3.3.1 with built in Tomcat 3.2 server
> 2. web.xml fragment:
> 	<security-constraint>
> 		<web-resource-collection>
> 			
> <web-resource-name>SecurePages</web-resource-name>
> 			<description>Security constraint for 
> resources in
> the secure directory</description>
> 			<url-pattern>/secure/*</url-pattern>
> 			<http-method>POST</http-method>
> 			<http-method>GET</http-method>
> 		</web-resource-collection>
> 
> 		<auth-constraint>
> 			<description>only let the system user login
> </description>
> 			<role-name>admin</role-name>
> 		</auth-constraint>
> 
> 		<user-data-constraint>
> 			<description>SSL not required</description>
> 			<transport-guarantee>NONE</transport-guarantee>
> 		</user-data-constraint>
> 	</security-constraint>
>     	<login-config>
>     		<auth-method>FORM</auth-method>
>     		<form-login-config>
>     			
> <form-login-page>/LoginForm.html</form-login-page>
> 
> <form-error-page>/LoginError.html</form-error-page>
>     		</form-login-config>
>     	</login-config>
> 	<security-role>
> 	    <description>Admin ROLE</description>
> 	    <role-name>admin</role-name>
>  	</security-role>
> 3. Problem:
> 
> a. request such as http://localhost:8080/secure getting routed to
> /LoginForm.html as described in web.xml which is cool and what I want.
> b. request such as http://localhost:8080//secure returns directory
> listing of secure directory without auth...
> 
> If this is fixed or known bug please let me know.
> 
> Thanks!
> 
> -- 
> Best regards,
> --
> HTTP is a stateless protocol, and the Internet is a stateless 
> development
> environment
> --
> Igor Fedulov
> E-mail : ifedulov@outlook.net
> Work Ph: 773.775.1595
> Home Ph: 773.281.8938
> Cell Ph: 773.580.5935
> 
> 
> 
> 
> --
> To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
> Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
> 

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message