Web app security on /* causes deployment exception --------------------------------------------------
Key: GERONIMO-1585 URL: http://issues.apache.org/jira/browse/GERONIMO-1585 Project: Geronimo Type: Bug Components: web Versions: 1.0 Environment: Geronimo 1.0 with Jetty Reporter: Aaron Mulder Priority: Critical Fix For: 1.0.1, 1.1 Deploying a web app with the following security block causes a deployment error: <security-constraint> <web-resource-collection> <web-resource-name>All Pages</web-resource-name> <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> </web-resource-collection> <auth-constraint> <role-name>User</role-name> </auth-constraint> </security-constraint> Note this is essentially right out of the spec (see SRV.12.8.2 in the Servlet 2.4 spec). The error is: org.apache.geronimo.common.DeploymentException: Unable to initialize webapp GBean at org.apache.geronimo.jetty.deployment.JettyModuleBuilder.addGBeans(JettyModuleBuilder.java:842) ... Caused by: java.lang.IllegalArgumentException: Qualifier patterns in the URLPatternSpec cannot match the first URLPattern at javax.security.jacc.URLPatternSpec.<init>(URLPatternSpec.java:54) at javax.security.jacc.WebResourcePermission.<init>(WebResourcePermission.java:54) at org.apache.geronimo.jetty.deployment.JettyModuleBuilder.buildSpecSecurityConfig(JettyModuleBuilder.java:1215) at org.apache.geronimo.jetty.deployment.JettyModuleBuilder.addGBeans(JettyModuleBuilder.java:821) ... 70 more Changing the url-pattern to / fixes the problem, but it seems to me that /* ought to work too. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira