JBoss web.xml entry for security-constraint login/redirector won't work under Tomcat
-----------------------------------------------------------------------------------

         Key: JS2-526
         URL: http://issues.apache.org/jira/browse/JS2-526
     Project: Jetspeed 2
        Type: Bug

  Components: Security  
    Versions: 2.1-dev    
 Environment: Windows XP SP2, Tomcat 5.5.16, JBoss 4.0.4-CR2, Jetspeed-2.1-dev (sources)
    Reporter: Bruno Marti
    Priority: Minor


I've built my own portal from the 2.1-dev sources.
The installed portal works on Tomcat 5.5.16, but not on JBoss 4.0.4.
Under JBoss I am receiving an HTTP error 403 after the log-in submit.
(This seems like the same problem as in issue JS2-496: 
http://issues.apache.org/jira/browse/JS2-496)

If I manually add the following role-name in the portal's web.xml, it works 
fine on both Tomcat and JBoss servers:
  <role-name>*</role-name>

Here is the new full constraint entry:
...
        <!-- Protect LogInRedirectory.jsp.  This will require a login when called -->
        <security-constraint>
                <web-resource-collection>
                        <web-resource-name>Login</web-resource-name>
                        <url-pattern>/login/redirector</url-pattern>
                </web-resource-collection>
                <auth-constraint>
                        <!-- the required portal user role name defined in: -->
                        <!-- /WEB-INF/assembly/security-atn.xml             -->

                        <role-name>portal-user</role-name>
                        <role-name>*</role-name>

                </auth-constraint>
        </security-constraint>
...

Is this quite correct or do I have a security problem now?
Or is there a bug in JBoss?
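
An added example, not part of the original report or of Jetspeed's own code: under the Servlet specification, a role-name of * inside an auth-constraint stands for every role declared in the descriptor's security-role elements, so a short audit script can list what a constraint like the one above admits. The two security-role entries in the sample are constructed, since the report does not show the portal's declarations.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from the report plus two assumed
# <security-role> declarations (the report does not show the real ones).
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Login</web-resource-name>
      <url-pattern>/login/redirector</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>portal-user</role-name>
      <role-name>*</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role><role-name>portal-user</role-name></security-role>
  <security-role><role-name>admin</role-name></security-role>
</web-app>"""


def find_all(node, name):
    """All descendants called `name`, ignoring the XML namespace prefix."""
    return [e for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]


def audit_constraints(web_xml):
    """Return one finding per auth-constraint that uses the '*' wildcard."""
    root = ET.fromstring(web_xml)
    declared = sorted({(r.text or "").strip()
                       for sr in find_all(root, "security-role")
                       for r in find_all(sr, "role-name")})
    findings = []
    for sc in find_all(root, "security-constraint"):
        patterns = [(p.text or "").strip() for p in find_all(sc, "url-pattern")]
        for ac in find_all(sc, "auth-constraint"):
            roles = [(r.text or "").strip() for r in find_all(ac, "role-name")]
            if "*" not in roles:
                continue
            explicit = [r for r in roles if r != "*"]
            findings.append({
                "url_patterns": patterns,
                "explicit_roles": explicit,   # redundant once '*' is present
                "effective_roles": declared,  # what '*' expands to
                "widened_to": [r for r in declared if r not in explicit],
            })
    return findings


if __name__ == "__main__":
    print(audit_constraints(SAMPLE_WEB_XML))
```

A non-empty widened_to list means the wildcard admits roles beyond the ones named explicitly in the constraint.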

