Web app security on /* causes deployment exception
--------------------------------------------------
Key: GERONIMO-1585
URL: http://issues.apache.org/jira/browse/GERONIMO-1585
Project: Geronimo
Type: Bug
Components: web
Versions: 1.0
Environment: Geronimo 1.0 with Jetty
Reporter: Aaron Mulder
Priority: Critical
Fix For: 1.0.1, 1.1
Deploying a web app with the following security block causes a deployment error:
<security-constraint>
<web-resource-collection>
<web-resource-name>All Pages</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>User</role-name>
</auth-constraint>
</security-constraint>
Note this is essentially right out of the spec (see SRV.12.8.2 in the Servlet
2.4 spec).
The error is:
org.apache.geronimo.common.DeploymentException: Unable to initialize webapp
GBean
at
org.apache.geronimo.jetty.deployment.JettyModuleBuilder.addGBeans(JettyModuleBuilder.java:842)
...
Caused by: java.lang.IllegalArgumentException: Qualifier patterns in the
URLPatternSpec cannot match the first URLPattern
at javax.security.jacc.URLPatternSpec.<init>(URLPatternSpec.java:54)
at
javax.security.jacc.WebResourcePermission.<init>(WebResourcePermission.java:54)
at
org.apache.geronimo.jetty.deployment.JettyModuleBuilder.buildSpecSecurityConfig(JettyModuleBuilder.java:1215)
at
org.apache.geronimo.jetty.deployment.JettyModuleBuilder.addGBeans(JettyModuleBuilder.java:821)
... 70 more
Changing the url-pattern to / fixes the problem, but it seems to me that /*
ought to work too.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
