Hi,
Could this be something that changed (or rather, was clarified) in the
Servlet Spec between version 2.3 (which Tomcat 4.x implements) and 2.4
(which Tomcat 5.x implements)? ;)

Yoav Shapira http://www.yoavshapira.com


>-----Original Message-----
>From: Mercado . Maria [mailto:[EMAIL PROTECTED]
>Sent: Monday, October 18, 2004 10:08 AM
>To: [EMAIL PROTECTED]
>Subject: problem with security-constraint with Tomcat 5
>
>I'm looking into migrating our project from Tomcat 4.1.30 to Tomcat
5.0.28.
>We're also using Tiles and Struts 1.1.  The problem is that Tomcat 5
seems
>to be confused with a url pattern that works with Tomcat 4.  Here's the
>pertinent parts of web.xml (I get the same results with 2.3 or 2.4
version
>of web.xml):
>
>"...
>
><!-- Struts action servlet -->
>    <servlet>
>        <servlet-name>strutsnav</servlet-name>
>        <servlet-class>org.apache.struts.action.ActionServlet</servlet-
>class>
>        <init-param>
>            <param-name>config</param-name>
>            <param-value>/WEB-INF/conf/struts-config.xml</param-value>
>        </init-param>
>        <init-param>
>            <param-name>validate</param-name>
>            <param-value>true</param-value>
>        </init-param>
>        <load-on-startup>1</load-on-startup>
>    </servlet>
>
>...
>
>    <servlet-mapping>
>        <servlet-name>strutsnav</servlet-name>
>        <url-pattern>*.do</url-pattern>
>    </servlet-mapping>
>
>...
>
>   <!-- JAAS Security Realm config -->
>    <security-constraint>
>        <web-resource-collection>
>            <web-resource-name>Secure Struts
Actions</web-resource-name>
>            <url-pattern>*.sec.do</url-pattern>
>        </web-resource-collection>
>        <auth-constraint>
>            <role-name>General User</role-name>
>        </auth-constraint>
>    </security-constraint>
>
>    <login-config>
>        <auth-method>FORM</auth-method>
>        <form-login-config>
>            <form-login-page>/login.do</form-login-page>
>            <form-error-page>/logininvalid.do</form-error-page>
>        </form-login-config>
>    </login-config>
>
>    <security-role>
>        <role-name>General User</role-name>
>    </security-role>
>
>..."
>
>If I try to access a sec.do Struts action, I just get a blank space in
the
>body of the Tiles layout - I don't get the login form.  If I change the
>url-pattern in web-resource-collection to "*.do", then I get the login
>page.  It seems that Tomcat 5 doesn't like two dots in the url pattern.
Is
>this a bug?
>
>I also tried to add the following, but it didn't help:
>    <servlet-mapping>
>        <servlet-name>strutsnav</servlet-name>
>        <url-pattern>*.sec.do</url-pattern>
>    </servlet-mapping>
>
>
>Thanks,
>Cecile Mercado
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]




This e-mail, including any attachments, is a confidential business communication, and 
may contain information that is confidential, proprietary and/or privileged.  This 
e-mail is intended only for the individual(s) to whom it is addressed, and may not be 
saved, copied, printed, disclosed or used by anyone else.  If you are not the(an) 
intended recipient, please immediately delete this e-mail from your computer system 
and notify the sender.  Thank you.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to