auth-constraint in web.xml in tomcat 5.5.15

Fri, 03 Feb 2006 08:11:01 -0800 

Hi,
I have security for a web application managed by a DataSource database realm. Using tomcat 5.5.14 this works fine but in 5.5.15 there seems to be a problem. 

My application's web.xml contains

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>portalBase Application</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>*</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>portalBase Application</realm-name>
        </login-config>


The problem seems to be the <role-name>*</role-name> line. If I put a  
specific role in, users in that role can log in but the * wildcard  
doesn't work. A 403 HTTP rejection is issued if the user inputs a  
correct username and password (if they put in the wrong username/ 
password, it prompts again as expected). As users themselves can add  
roles to the database, I don't know what the roles may be so I have  
to use the wildcard.



I see in the 5.5.15 changelog http://tomcat.apache.org/tomcat-5.5-doc/ 
changelog.html there are a few items relating to the * role, I wonder  
if one of these is something to do with it.


The code in tomcat's conf/server.xml is

        <Context path="/portalBase" docBase="portalBase"
          debug="0" reloadable="false" crossContext="false">

          <Resource name="jdbc/portalBase" auth="Container"  
type="javax.sql.DataSource"

               maxActive="10" maxIdle="5" maxWait="10000"

               username="myusername" password="mypassword"  
driverClassName="org.postgresql.Driver"

               url="jdbc:postgresql://localhost/chportalbase"/>

          <Realm  
className="org.apache.catalina.realm.DataSourceRealm" debug="99"

               dataSourceName="jdbc/portalBase" localDataSource="true"

               userTable="dbint_users" userNameCol="username"  
userCredCol="password"
               userRoleTable="dbint_user_roles"  
roleNameCol="rolename"/>

        </Context>

Any ideas?

Regards,

Oliver

[EMAIL PROTECTED] / 0845 456 1810 / 07814 828608
Furze Bank, 34 Hanover Street, SWANSEA UK, SA1 6BA


NOTE

No contracts may be concluded on behalf of GT webMarque by means of e- 
mail

communications. The contents of this e-mail are confidential to the
intended recipient at the e-mail address to which it has been addressed;
it may not be disclosed to or used by anyone other than this addressee,
nor may it be copied in any way. If received in error please return to
sender via e-mail.

DISCLAIMER
Please note that neither GT webMarque Ltd nor the sender accept any
responsibility for viruses transmitted via e-mail. It is your
responsibility to scan attachments (if any).























					Reply via email to