RE: problem with security-constraint with Tomcat 5

2004-10-18 Thread Shapira, Yoav

Hi,
Could this be something that changed (or rather, was clarified) in the
Servlet Spec between version 2.3 (which Tomcat 4.x implements) and 2.4
(which Tomcat 5.x implements)? ;)

Yoav Shapira http://www.yoavshapira.com


-Original Message-
From: Mercado . Maria [mailto:[EMAIL PROTECTED]
Sent: Monday, October 18, 2004 10:08 AM
To: [EMAIL PROTECTED]
Subject: problem with security-constraint with Tomcat 5

I'm looking into migrating our project from Tomcat 4.1.30 to Tomcat 5.0.28.
We're also using Tiles and Struts 1.1.  The problem is that Tomcat 5 seems
to be confused with a url pattern that works with Tomcat 4.  Here are the
pertinent parts of web.xml (I get the same results with 2.3 or 2.4 version
of web.xml):

...

<!-- Struts action servlet -->
<servlet>
    <servlet-name>strutsnav</servlet-name>
    <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
    <init-param>
        <param-name>config</param-name>
        <param-value>/WEB-INF/conf/struts-config.xml</param-value>
    </init-param>
    <init-param>
        <param-name>validate</param-name>
        <param-value>true</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>

...

<servlet-mapping>
    <servlet-name>strutsnav</servlet-name>
    <url-pattern>*.do</url-pattern>
</servlet-mapping>

...

<!-- JAAS Security Realm config -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Secure Struts Actions</web-resource-name>
        <url-pattern>*.sec.do</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>General User</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.do</form-login-page>
        <form-error-page>/logininvalid.do</form-error-page>
    </form-login-config>
</login-config>

<security-role>
    <role-name>General User</role-name>
</security-role>

...

If I try to access a sec.do Struts action, I just get a blank space in the
body of the Tiles layout - I don't get the login form.  If I change the
url-pattern in web-resource-collection to *.do, then I get the login
page.  It seems that Tomcat 5 doesn't like two dots in the url pattern.  Is
this a bug?

I also tried to add the following, but it didn't help:
<servlet-mapping>
    <servlet-name>strutsnav</servlet-name>
    <url-pattern>*.sec.do</url-pattern>
</servlet-mapping>


Thanks,
Cecile Mercado


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




This e-mail, including any attachments, is a confidential business communication, and 
may contain information that is confidential, proprietary and/or privileged.  This 
e-mail is intended only for the individual(s) to whom it is addressed, and may not be 
saved, copied, printed, disclosed or used by anyone else.  If you are not the(an) 
intended recipient, please immediately delete this e-mail from your computer system 
and notify the sender.  Thank you.





RE: problem with security-constraint with Tomcat 5

2004-10-18 Thread Mercado . Maria
Thanks for the suggestion, Yoav.  I looked but I didn't see anything that stated that 
a url pattern with 2 dots is illegal.

- Cecile Mercado





Re: problem with security-constraint with Tomcat 5

2004-10-18 Thread Remy Maucherat
On Mon, 18 Oct 2004 10:45:23 -0400, Mercado . Maria [EMAIL PROTECTED] wrote:
> Thanks for the suggestion, Yoav.  I looked but I didn't see anything that stated
> that a url pattern with 2 dots is illegal.

Most systems I am aware of consider that the extension is the last
dot. Otherwise, it starts adding complexity.
Don't expect a fix (assuming this is indeed a valid issue, which I doubt).

-- 
Rémy Maucherat
Developer & Consultant
JBoss Group (Europe) SàRL




Re: problem with security-constraint with Tomcat 5

2004-10-18 Thread Bill Barker
You didn't look hard enough :)
<spec-quote version=2.4 section=11.1>
An extension is defined as the part of the last segment after the last '.'
character.
</spec-quote>





This message is intended only for the use of the person(s) listed above as the 
intended recipient(s), and may contain information that is PRIVILEGED and 
CONFIDENTIAL.  If you are not an intended recipient, you may not read, copy, or 
distribute this message or any attachment. If you received this communication in 
error, please notify us immediately by e-mail and then delete all copies of this 
message and any attachments.

In addition you should be aware that ordinary (unencrypted) e-mail sent through the 
Internet is not secure. Do not send confidential or sensitive information, such as 
social security numbers, account numbers, personal identification numbers and 
passwords, to us via ordinary (unencrypted) e-mail.
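
An added example, not part of any message in this thread: a small Python check that applies the extension rule quoted above to web.xml security constraints and flags extension patterns that can never match, such as the *.sec.do constraint in the original post. The sample web.xml is constructed from the fragments in the thread, and the function names and the /sec/* path are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the mapping and constraint patterns from the thread.
WEB_XML = """<web-app>
  <servlet-mapping>
    <servlet-name>strutsnav</servlet-name>
    <url-pattern>*.do</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Secure Struts Actions</web-resource-name>
      <url-pattern>*.sec.do</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>General User</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def extension(path):
    """Servlet 2.4 sec. 11.1: text after the last '.' of the last segment."""
    last = path.rsplit("/", 1)[-1]
    return last.rsplit(".", 1)[1] if "." in last else None

def matches(pattern, path):
    """Match one url-pattern against a context-relative request path."""
    if pattern.startswith("/") and pattern.endswith("/*"):  # path prefix
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):                            # extension
        return extension(path) == pattern[2:]
    if pattern == "/":                                      # default mapping
        return True
    return path == pattern                                  # exact match

def local(el):
    """Tag name without any XML namespace prefix."""
    return el.tag.rsplit("}", 1)[-1]

def dead_constraint_patterns(web_xml):
    """Extension patterns in security constraints that can never match:
    the extension of a path never contains '.', so '*.a.b' guards nothing."""
    root = ET.fromstring(web_xml)
    pats = [u.text.strip()
            for c in root.iter() if local(c) == "security-constraint"
            for u in c.iter() if local(u) == "url-pattern"]
    return [p for p in pats if p.startswith("*.") and "." in p[2:]]

if __name__ == "__main__":
    print(dead_constraint_patterns(WEB_XML))        # patterns to review
    print(matches("*.sec.do", "/account.sec.do"))   # constraint never applies
    print(matches("*.do", "/account.sec.do"))       # servlet mapping still does
```

Run against a deployment descriptor before a container upgrade, a non-empty result means a constraint that is never applied to any request; a path-prefix pattern (here the hypothetical /sec/*) is one form the matching rules do honour.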
