Hi Ray, sorry for the delay.
On Sep 19, 2009, at 5:35 PM, Ray Clough wrote:
In my web.xml file I have a security constraint which is intended
simply to block direct access to the jsp, jspx, xhtml files
directly. Here is the snippet from web.xml Unavailable_Raw_Pages
RawPages *.xhtml *.jsp *.jspx *.tiles POST GET PUT DELETE Since no
roles are defined, the content is completely blocked. When I deploy
the app as a WAR file to geronimo, this works well.
I'm quite surprised at this. I would expect you would get the same
message as you get with an ear.
Now when I'm trying to deploy as an EAR, it won't deploy with
message "web.xml for web app XXX.war includes security elements but
Geronimo deployment plan is not provided or does not contain element
necessary to configure security accordingly." I have tried various
different contents in geronimo-application.xml, but I always get the
same error. The app uses custom security, and I do not have any
security realm defined on Geronimo. Can I do this, and if so, how?
Thanks, - Ray Clough
I'm pretty sure you need the <security/> element but I don't think you
need anything inside. I don't recall if you need a security realm or
not. As you say, you shouldn't really. I think I remember making
this scenario work in 2.2 some time ago: it may not work in 2.1.x.
I don't suppose you have a simple app to demonstrate the behavior?
thanks
david jencks
View this message in context: security constraint question
Sent from the Apache Geronimo - Users mailing list archive at
Nabble.com.