tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <>
Subject Re: Tomcat 7 authentication error only with IE8 or IE7
Date Tue, 10 Aug 2010 15:08:08 GMT
2010/8/10 Eli Chernos <>:
> Hi all,
> I have migrated a Tom Cat 6.0.14 server running on Windows 2003 server to a
> Windows 2008 server running Tom Cat 7.0.0.
> Every thing is running great except for when I try to access a restricted
> folder(password protected) configured with (POST method).
> When I try to access a restricted folder the login page is displayed like it
> should and when I enter the correct user name and password I'm forwarded to
> the requested page.
> The issue is that once I do this with ie8 or ie7 I receive a:
> HTTP Status 408 - The time allowed for the login process has been exceeded.
> If you wish to continue you must either click back twice and re-click the
> link you requested or close and re-open your browser
> and on the address bar the /j_security_check is displayed after the
> requested URL.
> I should note that it's definitely not a timeout issue, the setting is
> default (30) I believe.
> I copied the tomcat-users.xml and web.xml exactly as they where on the old
> machine, in addition when I try to access the same page with FireFox or
> Chrome or any other browser there is no problem at all
> The only clue I was able to find was in the logs, saying:
> Line 86: INFO: WARNING: Security role name ***** used in an
> <auth-constraint> without being defined in a <security-role>
> Any ideas guys?
> Any help would be really appreciated as I have no clue what might be the
> cause of this .
> --
> Thanks & Regards
> Eli C

No clue as well yet either, though

1. You may try with 7.0.2.

See "[VOTE] Release Apache Tomcat 7.0.2" thread on dev@ for a download link.

There was a bug with handling of a session cookie (49598) that is
already fixed. I think that it can cause such behaviour.

2. The product name is "Tomcat" or "Apache Tomcat".

Please spell it properly.

3. The "HTTP Status 408" page is displayed by Tomcat? Is Tomcat
running standalone, or behind another web server?

> Line 86: INFO: WARNING: Security role name ***** used in an
> <auth-constraint> without being defined in a <security-role>

You can fix the mentioned error, don't you?

Best regards,
Konstantin Kolinko

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message