[jira] Commented: (GERONIMO-1585) Web app security on /* causes deployment exception

Fri, 19 Jan 2007 12:00:53 -0800 

    [ 
https://issues.apache.org/jira/browse/GERONIMO-1585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12466135
 ] 

David Jencks commented on GERONIMO-1585:
----------------------------------------

Fix for /* applied in rev 497925 in 1.2 and rev 497904.  I have not yet 
investigated whether the other problems discussed here are in fact transferred 
to other jira issues.

> Web app security on /* causes deployment exception
> --------------------------------------------------
>
>                 Key: GERONIMO-1585
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-1585
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security, web
>    Affects Versions: 1.1, 1.1.2, 1.2, 2.0
>         Environment: Geronimo 1.0 with Jetty and tomcat
>            Reporter: Aaron Mulder
>         Assigned To: David Jencks
>            Priority: Critical
>             Fix For: 1.1.x, 1.2, 2.0-M2
>
>         Attachments: G1585-Geronimo2.0.patch, g1585-nologin.war, g1585.war, 
> security.patch
>
>
> Deploying a web app with the following security block causes a deployment 
> error:
>     <security-constraint>
>         <web-resource-collection>
>             <web-resource-name>All Pages</web-resource-name>
>             <url-pattern>/*</url-pattern>
>             <http-method>GET</http-method>
>             <http-method>POST</http-method>
>             <http-method>PUT</http-method>
>         </web-resource-collection>
>         <auth-constraint>
>             <role-name>User</role-name>
>         </auth-constraint>
>     </security-constraint>
> Note this is essentially right out of the spec (see SRV.12.8.2 in the Servlet 
> 2.4 spec).
> The error is:
>     org.apache.geronimo.common.DeploymentException: Unable to initialize 
> webapp GBean
>         at 
> org.apache.geronimo.jetty.deployment.JettyModuleBuilder.addGBeans(JettyModuleBuilder.java:842)
>         ...
>     Caused by: java.lang.IllegalArgumentException: Qualifier patterns in the 
> URLPatternSpec cannot match the first URLPattern
>         at javax.security.jacc.URLPatternSpec.<init>(URLPatternSpec.java:54)
>         at 
> javax.security.jacc.WebResourcePermission.<init>(WebResourcePermission.java:54)
>         at 
> org.apache.geronimo.jetty.deployment.JettyModuleBuilder.buildSpecSecurityConfig(JettyModuleBuilder.java:1215)
>         at 
> org.apache.geronimo.jetty.deployment.JettyModuleBuilder.addGBeans(JettyModuleBuilder.java:821)
>         ... 70 more
> Changing the url-pattern to / fixes the problem, but it seems to me that /* 
> ought to work too.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to