tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: security-role-ref doesn't work
Date Fri, 19 Apr 2013 20:47:51 GMT
On 19/04/2013 21:37, Propes, Barry L wrote:
> What version are you using?
> 
>  Mine doesn't contain this attribute pair at all...
> 
> <security-role-ref> 
> </security-role-ref>

The version being used is irrelevant. <security-role-ref> is only valid
inside a <servlet> element.

There might still be a bug here - I'm currently looking at the source to
check - but it isn't the bug the OP thinks they have found.

Mark

> 
> -----Original Message-----
> From: Jakub 1983 [mailto:jjakub83@gmail.com] 
> Sent: Thursday, April 18, 2013 8:51 PM
> To: Tomcat Users List
> Subject: security-role-ref doesn't work
> 
> my tomcat users:
>   <role rolename="tomcat"/>
>   <role rolename="role1"/>
>    <role rolename="manager-gui"/>
>    <role rolename="admin"/>
>   <user username="tomcat" password="tomcat"
> roles="tomcat,manager-gui,admin"/>
>   <user username="both" password="tomcat" roles="tomcat,role1"/>
>   <user username="role1" password="tomcat" roles="role1"/>
> 
> following code fails:
> <security-constraint>
>     <web-resource-collection>
>         <web-resource-name>Sample Application</web-resource-name>
>         <description>Require users to authenticate</description>
>         <url-pattern>*.jsp</url-pattern>
>         <http-method>POST</http-method>
>         <http-method>GET</http-method>
>     </web-resource-collection>
>     <auth-constraint>
>         <role-name>adminLocal</role-name>
>     </auth-constraint>
>     <user-data-constraint>
>         <transport-guarantee>NONE</transport-guarantee>
>     </user-data-constraint>
> </security-constraint>
> <security-role>
>     <role-name>adminLocal</role-name>
> </security-role>
> <security-role-ref>
>     <role-name>admin</role-name>
>     <role-link>adminLocal</role-link>
> </security-role-ref>
> 
> if I change security-role.role-name to admin, and in auth-constraint.role-name also to
admin, than I can login,
> 
> but why doesnt' it work with <security-role-ref>  ?
> 
> regards
> Jakub
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message