tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Propes, Barry L [GCG-NAOT]" <barry.l.pro...@citigroup.com>
Subject authentication security constraint error
Date Wed, 21 Feb 2007 22:49:15 GMT
Hi,
 
I've been using versions 4.0 and 4.1.3 with a security constraint with no problems.
 
However, when I added info in my server.xml file to try and attempt DBCP, I get a warning
in my logs about something being defined in in an auth-constraint without being in a security
role. Maybe not too big a deal.
 
However, ever since I added the Resource Name and Params for the DBCP, I don't get challenged
on the form to enter the "password protected" area, which in turn causes some other errors.
 
Does anyone know why adding that bit of configuration to the server.xml file would render
the security constraint inoperable?
 
I'm open to feedback, let me know if more info's needed.
 
Thanks!

 
 
 
I've actually got the security constraint configured properly, as it's worked before with
no issues.:
----------------------------------------------------------------------------------------------------------------------------------
    <security-constraint>
        <web-resource-collection>
             <web-resource-name>Change Control Protected Area</web-resource-name>
             <!-- Protect all files in the /murach/chngctrl/admin directory -->
             <url-pattern>/chngctrl/admin/*</url-pattern>
             <url-pattern>/chngctrl/change_ctrl_admin4.jsp</url-pattern>
             <url-pattern>/chngctrl/chg_ctrl_adm_vote.jsp</url-pattern>
             <http-method>GET</http-method>
             <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
             <!-- Users in the service and admin roles can access the admin dir 
             added several to match Change ctrl categs-->
             <role-name>service</role-name>
             <role-name>admin</role-name>
             <role-name>comply</role-name>
             <role-name>ops</role-name>
             <role-name>legal</role-name>
             <role-name>risk</role-name>
        </auth-constraint>
    </security-constraint>
--------------------------------------------------------------------------------------------------------
 
Here's the log info:
 
2007-02-21 16:28:02 HostConfig[localhost]: Deploying web application directory murach
2007-02-21 16:28:02 StandardHost[localhost]: Installing web application at context path /murach
from URL file:C:\jakarta-tomcat-4.1.31\webapps\murach
2007-02-21 16:28:02 WebappLoader[/murach]: Deploying class repositories to work directory
C:\jakarta-tomcat-4.1.31\work\Standalone\localhost\murach
2007-02-21 16:28:02 WebappLoader[/murach]: Deploy class files /WEB-INF/classes to C:\jakarta-tomcat-4.1.31\webapps\murach\WEB-INF\classes
2007-02-21 16:28:02 WebappLoader[/murach]: Deploy JAR /WEB-INF/lib/mm.mysql-2.0.8-bin.jar
to C:\jakarta-tomcat-4.1.31\webapps\murach\WEB-INF\lib\mm.mysql-2.0.8-bin.jar
2007-02-21 16:28:02 ContextConfig[/murach]: WARNING: Security role name service used in an
<auth-constraint> without being defined in a <security-role>
2007-02-21 16:28:02 ContextConfig[/murach]: WARNING: Security role name admin used in an <auth-constraint>
without being defined in a <security-role>
2007-02-21 16:28:02 ContextConfig[/murach]: WARNING: Security role name comply used in an
<auth-constraint> without being defined in a <security-role>
2007-02-21 16:28:02 ContextConfig[/murach]: WARNING: Security role name ops used in an <auth-constraint>
without being defined in a <security-role>
2007-02-21 16:28:02 ContextConfig[/murach]: WARNING: Security role name legal used in an <auth-constraint>
without being defined in a <security-role>
2007-02-21 16:28:02 ContextConfig[/murach]: WARNING: Security role name risk used in an <auth-constraint>
without being defined in a <security-role>
2007-02-21 16:28:02 ContextConfig[/murach]: Configured an authenticator for method FORM
2007-02-21 16:28:02 StandardManager[/murach]: Seeding random number generator class java.security.SecureRandom
2007-02-21 16:28:02 StandardManager[/murach]: Seeding of random number generator has been
completed
2007-02-21 16:28:02 StandardWrapper[/murach:default]: Loading container servlet default
2007-02-21 16:28:02 default: init
2007-02-21 16:28:02 StandardWrapper[/murach:invoker]: Loading container servlet invoker
2007-02-21 16:28:02 invoker: init
2007-02-21 16:28:02 jsp: init
2007-02-21 16:28:02 HostConfig[localhost]: Deploying web application directory ROOT
 
-------------------------------------------------------------------------------------------------------------------------

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message