tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: Request not forwarded to login page with security-constraint after session time-out
Date Thu, 26 Feb 2009 20:29:42 GMT
> From: Marcel Stör [mailto:marcel@frightanic.com]
> Subject: Re: Request not forwarded to login page with
> security-constraint after session time-out
>
> No, I only mentioned this because Tomcat throws an SQL exception
> because it tries to query a table called "" if I don't specify a role
> table in the realm config in context.xml

That's because of the strong implication in the servlet spec that roles are required; any
behavior you observe in a particular Tomcat level when no roles exist is very likely an accident
and not guaranteed from one version to the next.

A proper way to handle this would be to subclass the Realm you're now using, and have that
subclass fill in a dummy role name for each user; that dummy name should also be specified
in the web.xml for the webapp.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus
for use only by the intended recipient. If you received this in error, please contact the
sender and delete the e-mail and its attachments from all computers.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message