tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oliver Kohll <>
Subject auth-constraint in web.xml in tomcat 5.5.15
Date Fri, 03 Feb 2006 16:10:34 GMT

I have security for a web application managed by a DataSource  
database realm. Using tomcat 5.5.14 this works fine but in 5.5.15  
there seems to be a problem.

My application's web.xml contains

         <web-resource-name>portalBase Application</web-resource-name>
       <realm-name>portalBase Application</realm-name>

The problem seems to be the <role-name>*</role-name> line. If I put a  
specific role in, users in that role can log in but the * wildcard  
doesn't work. A 403 HTTP rejection is issued if the user inputs a  
correct username and password (if they put in the wrong username/ 
password, it prompts again as expected). As users themselves can add  
roles to the database, I don't know what the roles may be so I have  
to use the wildcard.

I see in the 5.5.15 changelog 
changelog.html there are a few items relating to the * role, I wonder  
if one of these is something to do with it.

The code in tomcat's conf/server.xml is

         <Context path="/portalBase" docBase="portalBase"
           debug="0" reloadable="false" crossContext="false">
           <Resource name="jdbc/portalBase" auth="Container"  
                maxActive="10" maxIdle="5" maxWait="10000"
                username="myusername" password="mypassword"  
className="org.apache.catalina.realm.DataSourceRealm" debug="99"
                dataSourceName="jdbc/portalBase" localDataSource="true"
                userTable="dbint_users" userNameCol="username"  

Any ideas?


Oliver / 0845 456 1810 / 07814 828608
Furze Bank, 34 Hanover Street, SWANSEA UK, SA1 6BA

No contracts may be concluded on behalf of GT webMarque by means of e- 
communications. The contents of this e-mail are confidential to the
intended recipient at the e-mail address to which it has been addressed;
it may not be disclosed to or used by anyone other than this addressee,
nor may it be copied in any way. If received in error please return to
sender via e-mail.

Please note that neither GT webMarque Ltd nor the sender accept any
responsibility for viruses transmitted via e-mail. It is your
responsibility to scan attachments (if any).

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message