*outch* This mean i will have to change my web.xml with future tomcat version. How do I allow access to a ressource to all authenticated users now?
Mark Thomas a écrit : >Oliver Kohll wrote: > > >>Hi, >> >>I have security for a web application managed by a DataSource database >>realm. Using tomcat 5.5.14 this works fine but in 5.5.15 there seems to >>be a problem. >> >> > > > >>The problem seems to be the <role-name>*</role-name> line. If I put a >>specific role in, users in that role can log in but the * wildcard >>doesn't work. A 403 HTTP rejection is issued if the user inputs a >>correct username and password (if they put in the wrong username/ >>password, it prompts again as expected). As users themselves can add >>roles to the database, I don't know what the roles may be so I have to >>use the wildcard. >> >> > >The special role "*" means all roles specified in web.xml. It does not >mean all roles specified in the realm nor does it mean all >authenticated users. > >The fix for 15570 was to correctly handle "*". It used to be >interpreted as all authenticated users. It is now correctly >interpreted as all roles defined in web.xml. > >Mark > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]