problem with security-constraint with Tomcat 5

[Mercado . Maria]

I'm looking into migrating our project from Tomcat 4.1.30 to Tomcat 5.0.28.  We're 
also using Tiles and Struts 1.1.  The problem is that Tomcat 5 seems to be confused 
with a url pattern that works with Tomcat 4.  Here's the pertinent parts of web.xml (I 
get the same results with 2.3 or 2.4 version of web.xml):

"...

<!-- Struts action servlet -->
    <servlet>
        <servlet-name>strutsnav</servlet-name>
        <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
        <init-param>
            <param-name>config</param-name>
            <param-value>/WEB-INF/conf/struts-config.xml</param-value>
        </init-param>
        <init-param>
            <param-name>validate</param-name>
            <param-value>true</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

...

    <servlet-mapping>
        <servlet-name>strutsnav</servlet-name>
        <url-pattern>*.do</url-pattern>
    </servlet-mapping>

...

   <!-- JAAS Security Realm config -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Secure Struts Actions</web-resource-name>
            <url-pattern>*.sec.do</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>General User</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.do</form-login-page>
            <form-error-page>/logininvalid.do</form-error-page>
        </form-login-config>
    </login-config>

    <security-role>
        <role-name>General User</role-name>
    </security-role>

..."

If I try to access a sec.do Struts action, I just get a blank space in the body of the 
Tiles layout - I don't get the login form.  If I change the url-pattern in 
web-resource-collection to "*.do", then I get the login page.  It seems that Tomcat 5 
doesn't like two dots in the url pattern.  Is this a bug?

I also tried to add the following, but it didn't help:
    <servlet-mapping>
        <servlet-name>strutsnav</servlet-name>
        <url-pattern>*.sec.do</url-pattern>
    </servlet-mapping>


Thanks,
Cecile Mercado


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]