tomcat-users mailing list archives

From Oliver Kohll
Subject Re: auth-constraint in web.xml in tomcat 5.5.15
Date Mon, 06 Feb 2006 10:54:55 GMT

Thanks. Commenting out the <auth-constraint> got the result I want.


On 3 Feb 2006, at 17:54, Mark Thomas wrote:

> Oliver Kohll wrote:
>> Hi,
>> I have security for a web application managed by a DataSource database
>> realm. Using tomcat 5.5.14 this works fine but in 5.5.15 there seems to
>> be a problem.
>> The problem seems to be the <role-name>*</role-name> line. If I put a
>> specific role in, users in that role can log in but the * wildcard
>> doesn't work. A 403 HTTP rejection is issued if the user inputs a
>> correct username and password (if they put in the wrong
>> username/password, it prompts again as expected). As users themselves
>> can add roles to the database, I don't know what the roles may be so I
>> have to use the wildcard.
> The special role "*" means all roles specified in web.xml. It does not
> mean all roles specified in the realm nor does it mean all
> authenticated users.
> The fix for 15570 was to correctly handle "*". It used to be
> interpreted as all authenticated users. It is now correctly
> interpreted as all roles defined in web.xml.
> Mark
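An added example, not part of the thread and not Tomcat's own code: a Python check that applies the rule quoted above from Mark Thomas, expanding `*` in an `<auth-constraint>` to the roles declared in `<security-role>` elements of web.xml, and shows that a user whose only role exists in the realm is not matched. The descriptor and the role names `admin`, `editor` and `customer` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from the thread): the constraint uses "*"
# and web.xml declares only the roles "admin" and "editor".
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>app</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>admin</role-name></security-role>
  <security-role><role-name>editor</role-name></security-role>
</web-app>"""

def _children(elem, name):
    # Match on the local tag name so namespaced and plain descriptors both work.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _role_names(elem):
    return {(r.text or "").strip() for r in _children(elem, "role-name")}

def effective_roles(web_xml):
    """Return (url_patterns, allowed_roles) per auth-constraint, expanding "*"."""
    root = ET.fromstring(web_xml)
    declared = set()
    for sr in _children(root, "security-role"):
        declared |= _role_names(sr)
    out = []
    for sc in _children(root, "security-constraint"):
        patterns = [(u.text or "").strip()
                    for wrc in _children(sc, "web-resource-collection")
                    for u in _children(wrc, "url-pattern")]
        for ac in _children(sc, "auth-constraint"):
            roles = _role_names(ac)
            if "*" in roles:  # "*" = roles declared in web.xml, not realm roles
                roles = (roles - {"*"}) | declared
            out.append((patterns, sorted(roles)))
    return out

def is_permitted(allowed_roles, user_roles):
    # An authenticated user passes only if one of their roles is allowed.
    return bool(set(allowed_roles) & set(user_roles))

if __name__ == "__main__":
    for patterns, roles in effective_roles(SAMPLE_WEB_XML):
        print(patterns, "->", roles or "no declared roles: nobody matches")
```

A user holding only the realm role `customer` fails `is_permitted` here, which corresponds to the 403 after a correct login described in the thread.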