tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Request not forwarded to login page with security-constraint after session time-out
Date Thu, 26 Feb 2009 22:44:11 GMT
Caldarale, Charles R wrote:
>> From: Mark Thomas [mailto:markt@apache.org]
>> Subject: Re: Request not forwarded to login page with
>> security-constraint after session time-out
>>
>> The spec is clearer than that. The "*" role == all roles
>> defined in web.xml.
> 
> Yes, but what it's not clear about is what happens when there are *no* roles defined
in web.xml, which is the situation the OP has.

I thought it was pretty clear. If "*" is all roles defined and you have
no roles defined then you are basically preventing anyone from accessing
that resource (subject to the weird and wonderful rules on combining
security constraints).

Mark



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message