DO NOT REPLY [Bug 13772] - Class loader HOWTO needs to href security HOWTO for WebappX

2004-02-01 Thread bugzilla
/show_bug.cgi?id=13772 Class loader HOWTO needs to href security HOWTO for WebappX [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED

DO NOT REPLY [Bug 26421] New: - can not config different security-constraint for differenct folders under same webapp

2004-01-25 Thread bugzilla
/show_bug.cgi?id=26421 can not config different security-constraint for differenct folders under same webapp Summary: can not config different security-constraint for differenct folders under same webapp Product: Tomcat 5 Version: 5.0.16

DO NOT REPLY [Bug 26421] - can not config different security-constraint for differenct folders under same webapp

2004-01-25 Thread bugzilla
/show_bug.cgi?id=26421 can not config different security-constraint for differenct folders under same webapp [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW

DO NOT REPLY [Bug 26421] - can not config different security-constraint for differenct folders under same webapp

2004-01-25 Thread bugzilla
/show_bug.cgi?id=26421 can not config different security-constraint for differenct folders under same webapp --- Additional Comments From [EMAIL PROTECTED] 2004-01-25 20:27 --- Changed to 5.0.18, it does solve my problem, thanks a lot

DO NOT REPLY [Bug 26421] - can not config different security-constraint for differenct folders under same webapp

2004-01-25 Thread bugzilla
/show_bug.cgi?id=26421 can not config different security-constraint for differenct folders under same webapp [EMAIL PROTECTED] changed: What|Removed |Added Status|RESOLVED

DO NOT REPLY [Bug 26174] New: - NoClassDefFoundError when calling getNamedDispatcher with security manager

2004-01-15 Thread bugzilla
/show_bug.cgi?id=26174 NoClassDefFoundError when calling getNamedDispatcher with security manager Summary: NoClassDefFoundError when calling getNamedDispatcher with security manager Product: Tomcat 4 Version: 4.1.24 Platform: PC OS

Re: SECURITY BUG: No place to disable HTTP TRACE vulnerability

2004-01-12 Thread Remy Maucherat
, and it seems that Tomcat is working fine. I set allowTrace=true on the connector, and put in a security-constraint to forbid TRACE in ROOT/WEB-INF/web.xml but no login-config. The result is a perfectly good 403 response to 'TRACE / HTTP/1.0', and a perfectly good TRACE response to 'TRACE /jsp

Re: SECURITY BUG: No place to disable HTTP TRACE vulnerability

2004-01-11 Thread Remy Maucherat
Bill Barker wrote: Ok, this isn't right. Tomcat defaults to NonLoginAuthenticator if there is no login-config. This one just approves everybody for everything. Ok. This isn't absolutely critical, but needs to be fixed. Rémy -

Re: SECURITY BUG: No place to disable HTTP TRACE vulnerability

2004-01-11 Thread Bill Barker
- Original Message - From: Remy Maucherat [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] Sent: Sunday, January 11, 2004 1:18 AM Subject: Re: SECURITY BUG: No place to disable HTTP TRACE vulnerability Bill Barker wrote: Ok, this isn't right. Tomcat defaults

Re: SECURITY BUG: No place to disable HTTP TRACE vulnerability

2004-01-10 Thread Remy Maucherat
Remy Maucherat wrote: Bill Barker wrote: I just tried this with the CVS HEAD of Tomcat 5 (after putting in a security-constraint in the ROOT web.xml) and Tomcat happily returned a 403 response. I don't care about this lame XSS bug. However, what you describe doesn't work for me. There are two

Re: SECURITY BUG: No place to disable HTTP TRACE vulnerability

2004-01-10 Thread Remy Maucherat
Remy Maucherat wrote: Remy Maucherat wrote: Bill Barker wrote: I just tried this with the CVS HEAD of Tomcat 5 (after putting in a security-constraint in the ROOT web.xml) and Tomcat happily returned a 403 response. I don't care about this lame XSS bug. However, what you describe doesn't

Re: SECURITY BUG: No place to disable HTTP TRACE vulnerability

2004-01-10 Thread Bill Barker
- Original Message - From: Remy Maucherat [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] Sent: Saturday, January 10, 2004 5:24 AM Subject: Re: SECURITY BUG: No place to disable HTTP TRACE vulnerability Remy Maucherat wrote: Bill Barker wrote: I just tried

Re: SECURITY BUG: No place to disable HTTP TRACE vulnerability

2004-01-10 Thread Bill Barker
- Original Message - From: Bill Barker [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] Sent: Saturday, January 10, 2004 6:28 PM Subject: Re: SECURITY BUG: No place to disable HTTP TRACE vulnerability - Original Message - From: Remy Maucherat [EMAIL PROTECTED

DO NOT REPLY [Bug 25981] New: - jsp security example does not work!

2004-01-08 Thread bugzilla
/show_bug.cgi?id=25981 jsp security example does not work! Summary: jsp security example does not work! Product: Tomcat 5 Version: 5.0.16 Platform: PC OS/Version: Linux Status: NEW Severity: Normal Priority: Other

DO NOT REPLY [Bug 25981] - jsp security example does not work!

2004-01-08 Thread bugzilla
/show_bug.cgi?id=25981 jsp security example does not work! [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution

DO NOT REPLY [Bug 25981] - jsp security example does not work!

2004-01-08 Thread bugzilla
/show_bug.cgi?id=25981 jsp security example does not work! --- Additional Comments From [EMAIL PROTECTED] 2004-01-08 16:27 --- What in the world is "It works for me now" supposed to mean? Does this mean it didn't work for you five minutes ago, it always worked. This is a very default install

DO NOT REPLY [Bug 25981] - jsp security example does not work!

2004-01-08 Thread bugzilla
/show_bug.cgi?id=25981 jsp security example does not work! --- Additional Comments From [EMAIL PROTECTED] 2004-01-08 16:34 --- Answering bug reports is (of course) always based on the current CVS code. Security constraint checking was updated since 5.0.16

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityClassLoad.java

2004-01-06 Thread remm
remm2004/01/06 00:39:20 Modified:catalina/src/share/org/apache/catalina/security SecurityClassLoad.java Log: - I didn't test it, but I saw a typo. Revision ChangesPath 1.13 +5 -5 jakarta-tomcat-catalina/catalina/src/share/org/apache

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityClassLoad.java

2004-01-06 Thread Jeanfrancois Arcand
[EMAIL PROTECTED] wrote: billbarker2004/01/05 20:27:34 Modified:catalina/src/share/org/apache/catalina/security SecurityClassLoad.java Log: Adding classes for Coyote-Jk. This addresses Bug #25819. Reported By: Dario Bonino [EMAIL PROTECTED] Revision

Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityClassLoad.java

2004-01-06 Thread Bill Barker
- Original Message - From: Jeanfrancois Arcand [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, January 06, 2004 7:40 AM Subject: Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityClassLoad.java

2004-01-06 Thread billbarker
billbarker2004/01/06 20:56:09 Modified:catalina/src/share/org/apache/catalina/security SecurityClassLoad.java Log: reverting patch. Revision ChangesPath 1.14 +4 -13 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityClassLoad.java

2004-01-06 Thread billbarker
billbarker2004/01/06 21:33:28 Modified:catalina/src/share/org/apache/catalina/security SecurityClassLoad.java Log: Preload the new PAs. Revision ChangesPath 1.15 +18 -4 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityClassLoad.java

2004-01-05 Thread billbarker
billbarker2004/01/05 20:27:34 Modified:catalina/src/share/org/apache/catalina/security SecurityClassLoad.java Log: Adding classes for Coyote-Jk. This addresses Bug #25819. Reported By: Dario Bonino [EMAIL PROTECTED] Revision ChangesPath

DO NOT REPLY [Bug 11603] - security fails for http-method != GET when user is forced to login

2004-01-04 Thread bugzilla
/show_bug.cgi?id=11603 security fails for http-method != GET when user is forced to login [EMAIL PROTECTED] changed: What|Removed |Added CC||[EMAIL

DO NOT REPLY [Bug 11603] - security fails for http-method != GET when user is forced to login

2004-01-04 Thread bugzilla
/show_bug.cgi?id=11603 security fails for http-method != GET when user is forced to login [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED

DO NOT REPLY [Bug 25796] New: - Multiple security-contraint entries in web.xml lead to too-restrictive behaviour

2003-12-29 Thread bugzilla
/show_bug.cgi?id=25796 Multiple security-contraint entries in web.xml lead to too-restrictive behaviour Summary: Multiple security-contraint entries in web.xml lead to too-restrictive behaviour Product: Tomcat 5 Version: 5.0.16 Platform: PC

DO NOT REPLY [Bug 25796] - Multiple security-contraint entries in web.xml lead to too-restrictive behaviour

2003-12-29 Thread bugzilla
/show_bug.cgi?id=25796 Multiple security-contraint entries in web.xml lead to too-restrictive behaviour [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW

DO NOT REPLY [Bug 25625] New: - Security Restrictions don't apply to initial page

2003-12-18 Thread bugzilla
/show_bug.cgi?id=25625 Security Restrictions don't apply to initial page Summary: Security Restrictions don't apply to initial page Product: Tomcat 5 Version: 5.0.16 Platform: PC OS/Version: Linux Status: NEW Severity: Normal

DO NOT REPLY [Bug 25625] - Security Restrictions don't apply to initial page

2003-12-18 Thread bugzilla
/show_bug.cgi?id=25625 Security Restrictions don't apply to initial page [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED

DO NOT REPLY [Bug 25625] - Security Restrictions don't apply to initial page

2003-12-18 Thread bugzilla
/show_bug.cgi?id=25625 Security Restrictions don't apply to initial page --- Additional Comments From [EMAIL PROTECTED] 2003-12-18 14:58 --- O.K, I thought it was a bug, because in tomcat 4 it works flawlessly

DO NOT REPLY [Bug 25625] - Security Restrictions don't apply to initial page

2003-12-18 Thread bugzilla
/show_bug.cgi?id=25625 Security Restrictions don't apply to initial page --- Additional Comments From [EMAIL PROTECTED] 2003-12-18 15:07 --- Tomcat 4 issues an external redirect of welcome files so after the redirect is performed, the security constraint may be applied. Tomcat5 does

Security (web.xml) clarification

2003-12-11 Thread Jan-Henrik Haukeland
If a security-constraint is defined protecting a certain uri but no login-config is defined in web.xml then upon accessing the uri, Tomcat responds with the following error: HTTP Status 500 - Configuration error: Cannot perform access control without an authenticated principal

DO NOT REPLY [Bug 25367] New: - SECURITY requests for jsp pages bypass apache AuthUserFile directive

2003-12-09 Thread bugzilla
/show_bug.cgi?id=25367 SECURITY requests for jsp pages bypass apache AuthUserFile directive Summary: SECURITY requests for jsp pages bypass apache AuthUserFile directive Product: Tomcat 4 Version: 4.1.18 Platform: PC OS/Version: Linux

DO NOT REPLY [Bug 24270] New: - NoClassDefFoundError when running in security mode

2003-10-30 Thread bugzilla
/show_bug.cgi?id=24270 NoClassDefFoundError when running in security mode Summary: NoClassDefFoundError when running in security mode Product: Tomcat 5 Version: Nightly Build Platform: Sun OS/Version: Solaris Status: NEW Severity

DO NOT REPLY [Bug 24270] - NoClassDefFoundError when running in security mode

2003-10-30 Thread bugzilla
/show_bug.cgi?id=24270 NoClassDefFoundError when running in security mode --- Additional Comments From [EMAIL PROTECTED] 2003-10-30 23:34 --- Created an attachment (id=8840) war file to reproduce - To unsubscribe, e-mail

DO NOT REPLY [Bug 24270] - NoClassDefFoundError when running in security mode

2003-10-30 Thread bugzilla
/show_bug.cgi?id=24270 NoClassDefFoundError when running in security mode --- Additional Comments From [EMAIL PROTECTED] 2003-10-30 23:36 --- http://localhost:8080/jsp_jspwriter_web/JspWriterTest.jsp?testname=jspWriterClearIOExceptionTest is the url that triggered the error with attached war

cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/security SecurityClassLoad.java

2003-10-30 Thread jfarcand
jfarcand2003/10/30 17:30:01 Modified:catalina/src/share/org/apache/catalina/security SecurityClassLoad.java http11/src/java/org/apache/coyote/http11 Http11Processor.java InternalOutputBuffer.java jasper2/src

DO NOT REPLY [Bug 24270] - NoClassDefFoundError when running in security mode

2003-10-30 Thread bugzilla
/show_bug.cgi?id=24270 NoClassDefFoundError when running in security mode [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED

DO NOT REPLY [Bug 23759] - allow web.xml security-constraint to restrict by request-origin-host or used-port

2003-10-15 Thread bugzilla
/show_bug.cgi?id=23759 allow web.xml security-constraint to restrict by request-origin-host or used-port [EMAIL PROTECTED] changed: What|Removed |Added Status|REOPENED

DO NOT REPLY [Bug 23759] New: - allow web.xml security-constraint to restrict by request-origin-host or used-port

2003-10-13 Thread bugzilla
/show_bug.cgi?id=23759 allow web.xml security-constraint to restrict by request-origin-host or used-port Summary: allow web.xml security-constraint to restrict by request-origin-host or used-port Product: Tomcat 4 Version: 4.1.28 Platform

DO NOT REPLY [Bug 23759] - allow web.xml security-constraint to restrict by request-origin-host or used-port

2003-10-13 Thread bugzilla
/show_bug.cgi?id=23759 allow web.xml security-constraint to restrict by request-origin-host or used-port [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW

DO NOT REPLY [Bug 23759] - allow web.xml security-constraint to restrict by request-origin-host or used-port

2003-10-13 Thread bugzilla
/show_bug.cgi?id=23759 allow web.xml security-constraint to restrict by request-origin-host or used-port [EMAIL PROTECTED] changed: What|Removed |Added Status|RESOLVED

cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/security SecurityClassLoad.java

2003-09-19 Thread jfarcand
jfarcand2003/09/19 14:24:48 Modified:jasper2/src/share/org/apache/jasper/runtime PageContextImpl.java jasper2/src/share/org/apache/jasper/security SecurityClassLoad.java Log: Package protect the class properly

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityClassLoad.java

2003-09-19 Thread jfarcand
jfarcand2003/09/19 15:03:35 Modified:catalina/src/share/org/apache/catalina/security SecurityClassLoad.java Log: Add missing doPrivileged block Revision ChangesPath 1.10 +13 -4 jakarta-tomcat-catalina/catalina/src/share/org/apache

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityUtil.java

2003-09-10 Thread jfarcand
jfarcand2003/09/10 09:56:45 Modified:catalina/src/share/org/apache/catalina/security SecurityUtil.java Log: Always associate a Subject. If not created, then create a default one. Revision ChangesPath 1.7 +5 -0 jakarta-tomcat-catalina

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityUtil.java

2003-09-10 Thread jfarcand
jfarcand2003/09/10 14:28:37 Modified:catalina/src/share/org/apache/catalina/security SecurityUtil.java Log: Do not create session when no one is available. Revision ChangesPath 1.8 +9 -5 jakarta-tomcat-catalina/catalina/src/share/org

does tomcat have a nominated contact for security issues?

2003-09-08 Thread robert burrell donkin
does tomcat have a nominated contact for security issues? (those people who are pmc members will probably already know why i'm asking) - robert

Re: does tomcat have a nominated contact for security issues?

2003-09-08 Thread Remy Maucherat
robert burrell donkin wrote: does tomcat have a nominated contact for security issues? (those people who are pmc members will probably already know why i'm asking) Security issues should be forwarded to the tomcat-committers list. Remy

Re: does tomcat have a nominated contact for security issues?

2003-09-08 Thread robert burrell donkin
On Monday, September 8, 2003, at 08:43 PM, Remy Maucherat wrote: robert burrell donkin wrote: does tomcat have a nominated contact for security issues? (those people who are pmc members will probably already know why i'm asking) Security issues should be forwarded to the tomcat-committers list

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security LocalStrings_ja.properties

2003-09-02 Thread remm
remm2003/09/02 07:10:11 Added: catalina/src/share/org/apache/catalina/security LocalStrings_ja.properties Log: - Update Japanese translation, submitted by Kazuhiro Kazama. Revision ChangesPath 1.1 jakarta-tomcat-catalina

DO NOT REPLY [Bug 15291] - Security Manager Does not work

2003-08-28 Thread bugzilla
/show_bug.cgi?id=15291 Security Manager Does not work [EMAIL PROTECTED] changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution

Re: Resend: Tomcat 4.1.24 JVM 1.4.2 security hole?

2003-08-14 Thread Jeff Tulley
I wouldn't be able to try to duplicate this -- I do not use mod_jk2. On my system, with mod_jk it seems the problem is gone with the workaround. Jeff Tulley ([EMAIL PROTECTED]) (801)861-5322 Novell, Inc., The Leading Provider of Net Business Solutions http://www.novell.com [EMAIL PROTECTED]

Re: Tomcat shutdown port and security

2003-08-14 Thread Tim Funk
In a server environment, no. http://jakarta.apache.org/tomcat/faq/security.html#8005 -Tim NAIK,ROSHAN (HP-Cupertino,ex1) wrote: Given that _anybody_ on the local machine could simply telnet to the port and issue a SHUTDOWN command. Isn't the current shutdown mechanism in Tomcat 4 a security

Re: Resend: Tomcat 4.1.24 JVM 1.4.2 security hole?

2003-08-14 Thread Jeff Tulley
lately discussing a possible security hole, but only 1/3 of the people in the thread could see the problem. I finally got to where I could see it using Tomcat 4.1.24 and JVM 1.4.2, but NOT with JVM 1.4.1. The vulnerability is that if you stick a %20 on the end of a .jsp url, you get the source

DO NOT REPLY [Bug 13861] - Authentication / SSL conflict (web.xml security-constraint auth-constraint user-data-constraint)

2003-08-14 Thread bugzilla
/show_bug.cgi?id=13861 Authentication / SSL conflict (web.xml security-constraint auth-constraint user-data-constraint) [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW

Tomcat 4.1.24 JVM 1.4.2 security hole?

2003-08-14 Thread Jeff Tulley
The user list has been busy lately discussing a possible security hole, but only 1/3 of the people in the thread could see the problem. I finally got to where I could see it using Tomcat 4.1.24 and JVM 1.4.2, but NOT with JVM 1.4.1. The vulnerability is that if you stick a %20 on the end

Resend: Tomcat 4.1.24 JVM 1.4.2 security hole?

2003-08-14 Thread Jeff Tulley
The user list has been busy lately discussing a possible security hole, but only 1/3 of the people in the thread could see the problem. I finally got to where I could see it using Tomcat 4.1.24 and JVM 1.4.2, but NOT with JVM 1.4.1. The vulnerability is that if you stick a %20 on the end

Re: Resend: Tomcat 4.1.24 JVM 1.4.2 security hole?

2003-08-14 Thread Laurent Blume
Jeff Tulley wrote: Verified on Win XP as well. Using that flag fixes the problem. Thanks for making that connection! I've still got the problem when using the mod_jk2 connector. I'm using Tomcat 4.1.27 w/ patch on Windows 2000 SP4, behind an Apache 2.0.47 web server, with the J2SE 1.4.2.

Re: Resend: Tomcat 4.1.24 JVM 1.4.2 security hole?

2003-08-14 Thread Jean-Francois Arcand
don't have a winXX)? -- Jeanfrancois Jeff Tulley wrote: The user list has been busy lately discussing a possible security hole, but only 1/3 of the people in the thread could see the problem. I finally got to where I could see it using Tomcat 4.1.24 and JVM 1.4.2, but NOT with JVM 1.4.1

Re: Resend: Tomcat 4.1.24 JVM 1.4.2 security hole?

2003-08-14 Thread Jeff Tulley
)? -- Jeanfrancois Jeff Tulley wrote: The user list has been busy lately discussing a possible security hole, but only 1/3 of the people in the thread could see the problem. I finally got to where I could see it using Tomcat 4.1.24 and JVM 1.4.2, but NOT with JVM 1.4.1. The vulnerability

Re: Fwd: Re: security hole on windows tomcat?

2003-08-14 Thread Paul Sundling
Yes, adding -Dsun.io.useCanonCaches=false to the tomcat seemed to fix the security hole I discovered on my 4.1.24 tomcat on Windows XP using JDK 1.4.2. Great job finding a solution. It's a testament to open source and cooperation. Fortunately it's JSP source it's showing and people should

Re: Fwd: Re: security hole on windows tomcat?

2003-08-14 Thread Reshat Sabiq
. Paul Sundling wrote: Yes, adding -Dsun.io.useCanonCaches=false to the tomcat seemed to fix the security hole I discovered on my 4.1.24 tomcat on Windows XP using JDK 1.4.2. Great job finding a solution. It's a testament to open source and cooperation. Fortunately it's JSP source it's

Re: Tomcat shutdown port and security

2003-08-05 Thread David Cassidy
: [EMAIL PROTECTED]Subject: Tomcat shutdown port and security om

Tomcat shutdown port and security

2003-08-04 Thread NAIK,ROSHAN (HP-Cupertino,ex1)
Given that _anybody_ on the local machine could simply telnet to the port and issue a SHUTDOWN command. Isn't the current shutdown mechanism in Tomcat 4 a security issue ? -- Roshan

DO NOT REPLY [Bug 22032] - missing security-policy in default-configuration

2003-08-01 Thread bugzilla
/show_bug.cgi?id=22032 missing security-policy in default-configuration --- Additional Comments From [EMAIL PROTECTED] 2003-08-01 15:07 --- OK, but the problem occurred not only with precompiled JSPs. For me, even the standard tomcat webapps/index.jsp and all of the jsp-examples threw

DO NOT REPLY [Bug 22032] New: - missing security-policy in default-configuration

2003-07-31 Thread bugzilla
/show_bug.cgi?id=22032 missing security-policy in default-configuration Summary: missing security-policy in default-configuration Product: Tomcat 5 Version: 5.0.5 Platform: Other OS/Version: Linux Status: NEW Severity: Normal

DO NOT REPLY [Bug 22032] - missing security-policy in default-configuration

2003-07-31 Thread bugzilla
/show_bug.cgi?id=22032 missing security-policy in default-configuration --- Additional Comments From [EMAIL PROTECTED] 2003-07-31 20:46 --- As a better workaround, in conf/catalina.properties, remove the jasper package from the list of protected packages. I will investigate why this exception

DO NOT REPLY [Bug 22032] - missing security-policy in default-configuration

2003-07-31 Thread bugzilla
/show_bug.cgi?id=22032 missing security-policy in default-configuration [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED

DO NOT REPLY [Bug 13861] - Authentication / SSL conflict (web.xml security-constraint auth-constraint user-data-constraint)

2003-07-17 Thread bugzilla
/show_bug.cgi?id=13861 Authentication / SSL conflict (web.xml security-constraint auth-constraint user-data-constraint) [EMAIL PROTECTED] changed: What|Removed |Added Version|4.1.18

DO NOT REPLY [Bug 13861] - Authentication / SSL conflict (web.xml security-constraint auth-constraint user-data-constraint)

2003-07-17 Thread bugzilla
/show_bug.cgi?id=13861 Authentication / SSL conflict (web.xml security-constraint auth-constraint user-data-constraint) --- Additional Comments From [EMAIL PROTECTED] 2003-07-17 23:04 --- As far as I can tell this is an IE bug. Using the snoop example, Tomcat first redirects to SSL

RE: DO NOT REPLY [Bug 13861] - Authentication / SSL conflict (web.xml security-constraint auth-constraint user-data-constraint)

2003-07-17 Thread Mark Thomas
WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13861 Authentication / SSL conflict (web.xml security-constraint auth-constraint user-data-constraint) --- Additional Comments From [EMAIL PROTECTED] 2003-07-17 23:04 --- As far

Re: DO NOT REPLY [Bug 13861] - Authentication / SSL conflict (web.xml security-constraint auth-constraint user-data-constraint)

2003-07-17 Thread Bill Barker
- Original Message - From: Mark Thomas [EMAIL PROTECTED] To: 'Tomcat Developers List' [EMAIL PROTECTED] Sent: Thursday, July 17, 2003 4:09 PM Subject: RE: DO NOT REPLY [Bug 13861] - Authentication / SSL conflict (web.xml security-constraint auth-constraint user-data-constraint) All

WebdavServlet and security constraints

2003-07-03 Thread Martin Algesten
to update our JSPs which lives in the same webapp as their static content. We see it as a security risk to be able to write arbitrary JSP code that gets executed on our servers. The neatest way of doing this protection was in the web.xml: !-- This constraint makes sure no JSP files are overwritten

Re: Why Redhat 8.0 / 9.0 still use 2.0.40 (+ security fixes)

2003-06-27 Thread William A. Rowe, Jr.
the worst offender to mix security updates with other changes in a new release ;) This is a good example of why Jeff Trawick and I spent many posts arguing the benefits of maintaining binary compatibility from update to update within the remaining releases of Apache 2.0 :-) Unfortunately

Why Redhat 8.0 / 9.0 still use 2.0.40 (+ security fixes)

2003-06-27 Thread Henri Gomez
For those who wonder why Redhat didn't update Apache 2.0 in distro 8.0 and 9.0, just read : http://www.redhat.com/advice/speaks_backport.html

Re: Why Redhat 8.0 / 9.0 still use 2.0.40 (+ security fixes)

2003-06-27 Thread Mark J Cox
For those who wonder why Redhat didn't update Apache 2.0 in distro 8.0 and 9.0, just read : http://www.redhat.com/advice/speaks_backport.html Apache httpd was an example that I happened to remember when writing that explanation - Apache is far from the worst offender to mix security updates

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityClassLoad.java

2003-06-23 Thread jfarcand
jfarcand2003/06/23 12:22:26 Modified:catalina/src/share/org/apache/catalina/security SecurityClassLoad.java Log: Put the method call under the proper method :-) Revision ChangesPath 1.9 +7 -7 jakarta-tomcat-catalina/catalina/src/share

cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/security - New directory

2003-06-23 Thread jfarcand
jfarcand2003/06/23 12:33:09 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/security - New directory

cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/security SecurityClassLoad.java

2003-06-23 Thread jfarcand
jfarcand2003/06/23 12:35:59 Modified:jasper2 build.xml jasper2/src/share/org/apache/jasper/compiler JspRuntimeContext.java Added: jasper2/src/share/org/apache/jasper/security SecurityClassLoad.java Log

problems with web.xml and security

2003-06-17 Thread Rosaria Silipo
/secure/*. Have you have ever seen this problem before? Thanks for any help -- Rosaria !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app ... !-- SECURITY CONSTRAINT -- security-constraint web-resource

Re: problems with web.xml and security

2003-06-17 Thread Bill Barker
Your web.xml file is invalid. If you re-post the question to tomcat-user, I'll be more than happy to explain why. - Original Message - From: Rosaria Silipo [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, June 16, 2003 7:20 PM Subject: problems with web.xml and security Hi, I

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityClassLoad.java

2003-06-16 Thread remm
remm2003/06/16 14:42:40 Modified:catalina/src/share/org/apache/catalina/security SecurityClassLoad.java Log: - AFAIK, CookieTools is no longer used. - For compat, it is placed in catalina-optional, but I don't see a need to preload it. Revision

RE: security of server.xml in tomcat

2003-06-10 Thread Sri Thuraisamy
-6271 -Original Message- From: Mohamed Tagari [mailto:[EMAIL PROTECTED] Sent: Monday, June 09, 2003 9:32 AM To: [EMAIL PROTECTED] Subject: security of server.xml in tomcat Hi, Is there any way of instantiating the password and username parameters for connecting

security of server.xml in tomcat

2003-06-09 Thread Mohamed Tagari
Hi, Is there any way of instantiating the password and username parameters for connecting to a database in the application code rather than having it as plain text in the server.xml. As having the username and password as plain text is not very secure.. Any help/information will be

RE: security of server.xml in tomcat

2003-06-09 Thread Chad Johnson
PROTECTED] Sent: Monday, June 09, 2003 9:32 AM To: [EMAIL PROTECTED] Subject: security of server.xml in tomcat Hi, Is there any way of instantiating the password and username parameters for connecting to a database in the application code rather than having it as plain text in the server.xml

Re: security of server.xml in tomcat

2003-06-09 Thread kev
On Monday, June 9, 2003, at 03:31 PM, Mohamed Tagari wrote: Hi, Is there any way of instantiating the password and username parameters for connecting to a database in the application code rather than having it as plain text in the server.xml. As having the username and password as plain text is

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security SecurityUtil.java

2003-06-05 Thread jfarcand
jfarcand2003/06/04 14:15:39 Modified:catalina/src/share/org/apache/catalina/security SecurityUtil.java Log: Add caching mechanism to improve performance. Instead of creating a Method object each time the filter/servlet is invoked, use the cached object

DO NOT REPLY [Bug 19158] - Security hole in FormAuthenticator regarding session ID.

2003-06-03 Thread bugzilla
/show_bug.cgi?id=19158 Security hole in FormAuthenticator regarding session ID. [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED

Tomcat security handling spec non-compliance

2003-03-27 Thread Jeff Tulley
I think I've found a fairly important place where Tomcat is not spec compliant. I think there is code in there to make this work, but the code must have a bug. The spec part is: SRV 12.5.3, actually in J2EE.12.5.3.1 Login Form Notes: ... If the form based login is invoked because of an HTTP

Re: Tomcat security handling spec non-compliance

2003-03-27 Thread Jeff Tulley
More info: Pre-existing bug in bugzilla, 10229. It seems to be a connector issue. As the bug states, I can use the old org.apache.catalina.connector.http.HttpConnector and get the desired correct behavior. Since the Coyote Connector is used widely and is the default, any chance of getting this

DO NOT REPLY [Bug 14066] - AJP13 connection security info not passed through

2003-02-04 Thread bugzilla
/show_bug.cgi?id=14066 AJP13 connection security info not passed through [EMAIL PROTECTED] changed: What|Removed |Added CC||[EMAIL PROTECTED

Re: [ANN] Security update: Apache Tomcat 3.3.1a released

2003-01-26 Thread Bill Barker
Isaacs [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Saturday, January 25, 2003 8:30 PM Subject: [ANN] Security update: Apache Tomcat 3.3.1a released Tomcat 3.3.1a has been released to address the following two vulnerabilities found in Tomcat 3.3.1 and earlier

RE: [ANN] Security update: Apache Tomcat 3.3.1a released

2003-01-26 Thread Larry Isaacs
This was the quickest way to deal with a security vulnerability that was discussed on tomcat-committers. At the time Tomcat 3.3.x wasn't building and the last good build doesn't pass one of the internal tests. Also, I haven't had time to clean out the old mod_jk content and to other clean up

[ANN] Security update: Apache Tomcat 3.3.1a released

2003-01-25 Thread Larry Isaacs
application via its web.xml file in spite of the presence of a security manager. The content of files that can be read as part of an XML document would be accessible. If you are running Tomcat 3.3.1 or earlier with a security manager, and are serving web applications whose web.xml content is not known

RE: Jk connector and security roles (was: DO NOT REPLY [Bug 16253] - Security roles in web.xml do not work with IIS)

2003-01-22 Thread Ignacio J. Ortega
Ari, ( many time without posting, read most of everyone every day, but paycheck commanded me :() Btw, I guess that it is impossible to use roles when one has apache as front end also. Yes, AFAIK this is the case for Apache too.. and in addition I don't think there is nothing

Jk connector and security roles (was: DO NOT REPLY [Bug 16253] - Security roles in web.xml do not work with IIS)

2003-01-21 Thread Ari Suutari
Hi, Security roles in web.xml do not work with IIS Btw, I guess that it is impossible to use roles when one has apache as front end also. --- Additional Comments From [EMAIL PROTECTED] 2003-01-20 15:18 --- The idea was to use NT UserGroups as Roles, but never

DO NOT REPLY [Bug 16253] New: - Security roles in web.xml do not work with IIS

2003-01-20 Thread bugzilla
/show_bug.cgi?id=16253 Security roles in web.xml do not work with IIS Summary: Security roles in web.xml do not work with IIS Product: Tomcat 4 Version: 4.1.18 Platform: PC OS/Version: Windows NT/2K Status: NEW Severity: Normal

DO NOT REPLY [Bug 16253] - Security roles in web.xml do not work with IIS

2003-01-20 Thread bugzilla
/show_bug.cgi?id=16253 Security roles in web.xml do not work with IIS [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution

DO NOT REPLY [Bug 13861] - Authentication / SSL conflict (web.xml security-constraint auth-constraint user-data-constraint)

2002-12-28 Thread bugzilla
/show_bug.cgi?id=13861 Authentication / SSL conflict (web.xml security-constraint auth-constraint user-data-constraint) --- Additional Comments From [EMAIL PROTECTED] 2002-12-28 16:55 --- Created an attachment (id=4278) workaround: web.xml

DO NOT REPLY [Bug 13861] - Authentication / SSL conflict (web.xml security-constraint auth-constraint user-data-constraint)

2002-12-28 Thread bugzilla
/show_bug.cgi?id=13861 Authentication / SSL conflict (web.xml security-constraint auth-constraint user-data-constraint) --- Additional Comments From [EMAIL PROTECTED] 2002-12-28 16:55 --- Created an attachment (id=4279) workaround: loginforward.jsp
