tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "brian bay" <>
Subject Tomcat 5.5.17 <role-name>*</role-name> behavior change
Date Fri, 01 Sep 2006 17:26:02 GMT
I recently upgraded from tomcat 5.0.28 to 5.5.17.   I have security set up
on all my apps to allow any user that can authenticate against ldap access
to the application....

So in 5.0.28,  I  defined <role-name>*</role-name>  to allow all role
names.   In 5.5.17 the behavior changes on the role-name attribute, and
apparently the * now means "all roles defined inside of web.xml" instead of
the previous "all/any roles"..   I understand that after tomcat 5.5.12,
tomcat was "fixed" to conform to the 2.4 servlet spec, in which the * 's
meaning is redefined.   Suck.

I dont want to have to define 300 roles in web.xml..  Once I do that, I am
now maintaning roles in 2 places.

***As a test/workaround, I downloaded 5.5.12 and copied catalina.jar from
server/lib to my 5.5.17 installation..  !Voila!  authentication now works
with the <role-name>*</role-name>


Why is there no backwards compatibility?  or is there and I just have to
tell it which servlet spec to use?

***As, for my workaround.  I cant see this as being a very good solution...
I'm guessing this will cause problems elsewhere??

I could just use 5.5.12, but I'm sure there are some bug fixes along the way
that I would benefit from..


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message