tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Request not forwarded to login page with security-constraint after session time-out
Date Thu, 26 Feb 2009 18:52:04 GMT

Gregor,

On 2/26/2009 9:59 AM, Gregor Schneider wrote:
> This looks a bit awkward to me (didn't know that this is possible),
> but I guess that's not the reason for your problem:
> 
>    <role-name>*</role-name>

This is fine. From the servlet spec SRV.13.3:

"
The auth-constraintType indicates the user roles that
should be permitted access to this resource
collection. The role-name used here must either correspond
to the role-name of one of the security-role elements
defined for this web application, or be the specially
reserved role-name "*" that is a compact syntax for
indicating all roles in the web application. If both "*"
and rolenames appear, the container interprets this as all
roles.  If no roles are defined, no user is allowed access
to the portion of the web application described by the
containing security-constraint.  The container matches
role names case sensitively when determining access.
"

In this context, it means "any authenticated user is authorized,
regardless of role".

-chris

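The role-name rules in the SRV.13.3 text quoted in the message above, as an added example that is not part of the original post or of Tomcat's code. It models only the quoted rules; `SAMPLE_WEB_XML`, its URL patterns and roles, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed descriptor (not from the thread). Parse trusted files only.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection><url-pattern>/app/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/admin/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>Admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/internal/*</url-pattern></web-resource-collection>
    <auth-constraint/>
  </security-constraint>
  <security-role><role-name>admin</role-name></security-role>
  <security-role><role-name>user</role-name></security-role>
</web-app>"""


def _find_all(elem, name):
    # Match on the local tag name so any web.xml namespace version works.
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]


def resolve_auth_constraints(web_xml):
    """Map each url-pattern to (roles permitted, role-names with no security-role)."""
    root = ET.fromstring(web_xml)
    declared = {(r.text or "").strip() for sr in _find_all(root, "security-role")
                for r in _find_all(sr, "role-name")}
    result = {}
    for sc in _find_all(root, "security-constraint"):
        auth = _find_all(sc, "auth-constraint")
        if not auth:
            continue  # no auth-constraint: the quoted rules do not apply
        names = {(r.text or "").strip() for r in _find_all(auth[0], "role-name")}
        if "*" in names:
            # "*" alone or mixed with names means all roles in the web application.
            allowed, undeclared = set(declared), set()
        else:
            # Case-sensitive match; an empty auth-constraint permits no user.
            allowed, undeclared = names & declared, names - declared
        for pattern in _find_all(sc, "url-pattern"):
            result[(pattern.text or "").strip()] = (allowed, undeclared)
    return result
```

A non-empty second element in a result, such as `Admin` against the declared `admin`, points to a role-name that fails the case-sensitive match and should be reviewed.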