Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 77987 invoked from network); 1 Sep 2006 17:26:37 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 1 Sep 2006 17:26:37 -0000 Received: (qmail 34730 invoked by uid 500); 1 Sep 2006 17:26:24 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 34708 invoked by uid 500); 1 Sep 2006 17:26:24 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 34697 invoked by uid 99); 1 Sep 2006 17:26:24 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 Sep 2006 10:26:24 -0700 X-ASF-Spam-Status: No, hits=1.4 required=10.0 tests=DNS_FROM_RFC_ABUSE,HTML_10_20,HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: domain of brian.f.bay@gmail.com designates 66.249.82.225 as permitted sender) Received: from [66.249.82.225] (HELO wx-out-0506.google.com) (66.249.82.225) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 Sep 2006 10:26:23 -0700 Received: by wx-out-0506.google.com with SMTP id s13so1065252wxc for ; Fri, 01 Sep 2006 10:26:02 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type; b=grd5bjmuCtWS9VBn0ArUhuT5GGozoI7LWODW7yxvxwSePMb0rrIotQb6nz7N/PGOPny+1itDAitpg5DVQpxIl0YNz685X9LMQ8VDE6/JJWsvRDIVpnFg3XB85957aLYwICf4gMbH7GSeSu7+IMg1GQedMgxmOsV+72m8H3MU3zs= Received: by 10.70.39.11 with SMTP id m11mr2846667wxm; Fri, 01 Sep 2006 10:26:02 -0700 (PDT) Received: by 10.70.62.19 with HTTP; Fri, 1 Sep 2006 10:26:01 -0700 (PDT) Message-ID: Date: Fri, 1 Sep 2006 12:26:02 -0500 From: "brian bay" To: users@tomcat.apache.org Subject: Tomcat 5.5.17 * behavior change MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_88934_21573774.1157131562019" X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N ------=_Part_88934_21573774.1157131562019 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline I recently upgraded from tomcat 5.0.28 to 5.5.17. I have security set up on all my apps to allow any user that can authenticate against ldap access to the application.... So in 5.0.28, I defined * to allow all role names. In 5.5.17 the behavior changes on the role-name attribute, and apparently the * now means "all roles defined inside of web.xml" instead of the previous "all/any roles".. I understand that after tomcat 5.5.12, tomcat was "fixed" to conform to the 2.4 servlet spec, in which the * 's meaning is redefined. Suck. I dont want to have to define 300 roles in web.xml.. Once I do that, I am now maintaning roles in 2 places. ***As a test/workaround, I downloaded 5.5.12 and copied catalina.jar from server/lib to my 5.5.17 installation.. !Voila! authentication now works with the * questions: Why is there no backwards compatibility? or is there and I just have to tell it which servlet spec to use? ***As, for my workaround. I cant see this as being a very good solution... I'm guessing this will cause problems elsewhere?? I could just use 5.5.12, but I'm sure there are some bug fixes along the way that I would benefit from.. thanks, Brian ------=_Part_88934_21573774.1157131562019--