tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <>
Subject Re: [Repost] TC 5.0.18: behaviour of <security-constraint> changed??
Date Sat, 07 Feb 2004 05:38:17 GMT
Yup, that's a bug.  It's fixed now in the CVS, and will appear in 5.0.19
(due out in a week or so).

"Yann Cebron" <> wrote in message
> Hi,
> I have a strange problem with my Struts-Webapp (nightly build) on 5.0.18 -
> every TC version before worked like expected (4.1.x as well as 5.1.x. but
> maybe I'm getting the SERVLET2.4 spec wrong, and some changes have been
> to 5.0.18 regarding this aspect).
> I have declared a <security-constraint> with no (empty element) assigned
> roles for a whole subdirectory containing my JSP pages and other stuff:
> <url-pattern>/s/*</url-pattern>. Now direct access to this directory and
> pages is not possible anymore, everything has to be accessed with the
> corresponding Struts-Actions.
> Now comes my problem: *every* Struts-Action whose path starts with the
> character 's' (just like my protected subdir is named) does not work
> anymore - TC pops in and wants me to authenticate. Apparently TC is trying
> to access "/context/s/" instead of executing "/context/"
> would call the ActionForward "/s/mypage.jsp".
> I know I can put the stuff as well under /WEB-INF/ to protect the pages,
> I'm just curious why it does not behave like it did before.
> Thanks in advance,
> Yann

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message