Hi,
I am having problem with Tomcat 5.5.17 jsp example of accessing protected
pages
(example: http://localhost:8080/jsp-examples/security/protected/)
Logging with valid user and role: user/password/role="tomcat/tomcat/tomcat"
works fine.
Logging with a valid user and invalid role
(user/password/role="role1/tomcat/role1") results in msg 403
(HTTP Status 403 - Access to the requested resource has been denied).
I am using supplied tomcat-users.xml.
Before experimenting I made this role (role1) invalid by editing
webapps/jsp-examples/WEB-INF/web.xml file like:
...
<auth-constraint>
<role-name>tomcat</role-name>
<!-- role-name>role1</role-name -->
</auth-constraint>
...
After receiving msg 403 applicatin will not work even with the valid user
role (msg 403 produced).
I found the same problem for Tomcat4 reported at:
http://mail-archives.apache.org/mod_mbox/tomcat-dev/200204.mbox/[EMAIL
PROTECTED]
I also have seen somewhere that it was reported to be fixed for Tomcat4.
Did the old problem penetrate to Tomcat 5.5.17 or
did I forget to configure something?
Regards,
Val.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
