tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: [Repost] TC 5.0.18: behaviour of <security-constraint> changed??
Date Sat, 07 Feb 2004 05:38:17 GMT
Yup, that's a bug.  It's fixed now in the CVS, and will appear in 5.0.19
(due out in a week or so).

"Yann Cebron" <yannc76@yahoo.de> wrote in message
news:c00q15$i9r$1@sea.gmane.org...
> Hi,
>
> I have a strange problem with my Struts-Webapp (nightly build) on 5.0.18 -
> every TC version before worked like expected (4.1.x as well as 5.1.x. but
> maybe I'm getting the SERVLET2.4 spec wrong, and some changes have been
made
> to 5.0.18 regarding this aspect).
>
> I have declared a <security-constraint> with no (empty element) assigned
> roles for a whole subdirectory containing my JSP pages and other stuff:
> <url-pattern>/s/*</url-pattern>. Now direct access to this directory and
the
> pages is not possible anymore, everything has to be accessed with the
> corresponding Struts-Actions.
>
> Now comes my problem: *every* Struts-Action whose path starts with the
> character 's' (just like my protected subdir is named) does not work
> anymore - TC pops in and wants me to authenticate. Apparently TC is trying
> to access "/context/s/" instead of executing "/context/someaction.do"
which
> would call the ActionForward "/s/mypage.jsp".
>
> I know I can put the stuff as well under /WEB-INF/ to protect the pages,
but
> I'm just curious why it does not behave like it did before.
>
> Thanks in advance,
>
> Yann




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message