tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: Request not forwarded to login page with security-constraint after session time-out
Date Thu, 26 Feb 2009 23:34:59 GMT
Marcel Stör wrote:
> Not sure I can follow you guys on this...A few questions, my assumption
> is that the role-issue has nothing to do with the real problem:

Correct. Chuck and I are off on our own little tangent.

> 1. Is the "*"-role issues even relevant in my context? After all, the
> security constraint works fine if I initially log in...
At this stage, I don't believe it is relevant.

> 2. My requirement is indeed: "allow any authenticated user, ignore roles
> all together". So I set
>  <auth-constraint>
>      <role-name>*</role-name>
>    </auth-constraint>
>  </security-constraint>
>  ...
>  <security-role>
>    <role-name>*</role-name>
>  </security-role>
> in web.xml and allRolesMode="AUTH_ONLY_MODE" in the JDBC realm config.
> Correct?

> Uummhh, obviously not, because there's still this error in the
> log, but it has no impact:
> Feb 27, 2009 12:06:43 AM org.apache.catalina.realm.JDBCRealm getRoles
> SEVERE: Exception performing authentication
> java.sql.SQLException: ORA-00903: invalid table name

Tomcat expects there to be a role table with the right fields - even if
it doesn't actually need it.

>     at
> oracle.jdbc.driver.DatabaseError.throwSqlException(
>     at oracle.jdbc.driver.T4CTTIoer.processError(
>     at oracle.jdbc.driver.T4CTTIoer.processError(
> 3. Why does it seem to be relevant that the request where
> auto-forwarding-to-login-after-session-timeout fails is an AJAX request?

Maybe AJAX can't handle the redirect that Tomcat issues? ieHttpHeaders
(IE), LiveHttpHeaders (FireFox), tcpmon (from Apache Axis) or an
equivalent tool is required here to look at the HTTP headers going back
and forth.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message