tomcat-users mailing list archives

From Oliver Kohll <oli...@gtwm.co.uk>
Subject auth-constraint in web.xml in tomcat 5.5.15
Date Fri, 03 Feb 2006 16:10:34 GMT
Hi,

I have security for a web application managed by a DataSource  
database realm. Using tomcat 5.5.14 this works fine but in 5.5.15  
there seems to be a problem.

My application's web.xml contains

     <security-constraint>
       <web-resource-collection>
         <web-resource-name>portalBase Application</web-resource-name>
         <url-pattern>/*</url-pattern>
       </web-resource-collection>
       <auth-constraint>
         <role-name>*</role-name>
       </auth-constraint>
     </security-constraint>
     <login-config>
       <auth-method>BASIC</auth-method>
       <realm-name>portalBase Application</realm-name>
     </login-config>

The problem seems to be the <role-name>*</role-name> line. If I put a
specific role in, users in that role can log in but the * wildcard
doesn't work. A 403 HTTP rejection is issued if the user inputs a
correct username and password (if they put in the wrong
username/password, it prompts again as expected). As users themselves
can add roles to the database, I don't know what the roles may be so I
have to use the wildcard.

I see in the 5.5.15 changelog
http://tomcat.apache.org/tomcat-5.5-doc/changelog.html
there are a few items relating to the * role, I wonder
if one of these is something to do with it.

The code in tomcat's conf/server.xml is

         <Context path="/portalBase" docBase="portalBase"
           debug="0" reloadable="false" crossContext="false">
           <Resource name="jdbc/portalBase" auth="Container"
                type="javax.sql.DataSource"
                maxActive="10" maxIdle="5" maxWait="10000"
                username="myusername" password="mypassword"
                driverClassName="org.postgresql.Driver"
                url="jdbc:postgresql://localhost/chportalbase"/>
           <Realm className="org.apache.catalina.realm.DataSourceRealm" debug="99"
                dataSourceName="jdbc/portalBase" localDataSource="true"
                userTable="dbint_users" userNameCol="username"
                userCredCol="password"
                userRoleTable="dbint_user_roles"
                roleNameCol="rolename"/>
         </Context>

Any ideas?

Regards,

Oliver

oliver@gtwebmarque.com / 0845 456 1810 / 07814 828608
Furze Bank, 34 Hanover Street, SWANSEA UK, SA1 6BA


NOTE
No contracts may be concluded on behalf of GT webMarque by means of e-mail
communications. The contents of this e-mail are confidential to the
intended recipient at the e-mail address to which it has been addressed;
it may not be disclosed to or used by anyone other than this addressee,
nor may it be copied in any way. If received in error please return to
sender via e-mail.

DISCLAIMER
Please note that neither GT webMarque Ltd nor the sender accept any
responsibility for viruses transmitted via e-mail. It is your
responsibility to scan attachments (if any).

