> From: Propes, Barry L [mailto:[EMAIL PROTECTED] > Subject: RE: authenticated but not authorized -- blank page > > I'm on an older version of Tomcat, but I don't have a > separate security-role atttribute tag like his: > > <!-- Security roles referenced by this web application --> > <security-role> > <role-name>guest1</role-name> > <role-name>guest2</role-name> > </security-role>
That's required by the servlet spec. Current versions of Tomcat produce this message when the list is not present: May 2, 2008 12:26:25 PM org.apache.catalina.startup.ContextConfig validateSecurityRoles INFO: WARNING: Security role name manager used in an <auth-constraint> without being defined in a <security-role> Still seems to function o.k. without the list, but it is mandated by the spec. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
