tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yann Cebron" <>
Subject [Repost] TC 5.0.18: behaviour of <security-constraint> changed??
Date Fri, 06 Feb 2004 19:31:05 GMT

I have a strange problem with my Struts-Webapp (nightly build) on 5.0.18 -
every TC version before worked like expected (4.1.x as well as 5.1.x. but
maybe I'm getting the SERVLET2.4 spec wrong, and some changes have been made
to 5.0.18 regarding this aspect).

I have declared a <security-constraint> with no (empty element) assigned
roles for a whole subdirectory containing my JSP pages and other stuff:
<url-pattern>/s/*</url-pattern>. Now direct access to this directory and the
pages is not possible anymore, everything has to be accessed with the
corresponding Struts-Actions.

Now comes my problem: *every* Struts-Action whose path starts with the
character 's' (just like my protected subdir is named) does not work
anymore - TC pops in and wants me to authenticate. Apparently TC is trying
to access "/context/s/" instead of executing "/context/" which
would call the ActionForward "/s/mypage.jsp".

I know I can put the stuff as well under /WEB-INF/ to protect the pages, but
I'm just curious why it does not behave like it did before.

Thanks in advance,


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message