Marcel Stör wrote:
> Not sure I can follow you guys on this... A few questions, my assumption
> is that the role-issue has nothing to do with the real problem:

Correct. Chuck and I are off on our own little tangent.

> 1. Is the "*"-role issue even relevant in my context? After all, the
> security constraint works fine if I initially log in...

At this stage, I don't believe it is relevant.

> 2. My requirement is indeed: "allow any authenticated user, ignore roles
> altogether". So I set
>  <auth-constraint>
>      <role-name>*</role-name>
>    </auth-constraint>
>  </security-constraint>
>  ...
>  <security-role>
>    <role-name>*</role-name>
>  </security-role>
> 
> in web.xml and allRolesMode="AUTH_ONLY_MODE" in the JDBC realm config.
> Correct?

Correct.

> Uummhh, obviously not, because there's still this error in the
> log, but it has no impact:
> 
> Feb 27, 2009 12:06:43 AM org.apache.catalina.realm.JDBCRealm getRoles
> SEVERE: Exception performing authentication
> java.sql.SQLException: ORA-00903: invalid table name

Tomcat expects there to be a role table with the right fields - even if
it doesn't actually need it.

>     at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:112)
>     at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:331)
>     at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:288)
> 
> 3. Why does it seem to be relevant that the request where
> auto-forwarding-to-login-after-session-timeout fails is an AJAX request?

Maybe AJAX can't handle the redirect that Tomcat issues? ieHttpHeaders
(IE), LiveHttpHeaders (Firefox), tcpmon (from Apache Axis) or an
equivalent tool is required here to look at the HTTP headers going back
and forth.

Mark
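
An added example, not part of the original message: once the HTTP exchange has been captured with one of the tools named above, a classifier like this tells apart the ways a timed-out AJAX call can come back. It assumes container-managed FORM login (login form posting to `j_security_check`) and a JSON endpoint; the function name, URLs and sample responses are constructed for illustration.

```javascript
// Classify what an AJAX call received after a session timeout.
// Assumptions: FORM login (form action j_security_check); endpoint returns JSON.
function header(headers, name) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === name.toLowerCase());
  return key ? String(headers[key]) : '';
}

// resp: { status, requestedUrl, finalUrl, headers, body }
function classifyAjaxResponse(resp) {
  const type = header(resp.headers, 'Content-Type').toLowerCase();
  const location = header(resp.headers, 'Location');
  // Redirect as seen on the wire (header tool or proxy capture).
  if (resp.status >= 300 && resp.status < 400 && location) {
    return { kind: 'redirect', detail: location };
  }
  // XMLHttpRequest follows redirects itself, so script code only sees the
  // final response: a changed URL or a login form where data was expected.
  const followed = Boolean(resp.finalUrl) && resp.finalUrl !== resp.requestedUrl;
  const loginForm = /<form[^>]+action=["'][^"']*j_security_check/i.test(resp.body || '');
  if (resp.status === 200 && type.startsWith('text/html') && (loginForm || followed)) {
    return { kind: 'login-page', detail: followed ? resp.finalUrl : resp.requestedUrl };
  }
  if (resp.status === 401 || resp.status === 403) {
    return { kind: 'denied', detail: String(resp.status) };
  }
  if (resp.status === 200 && type.includes('json')) {
    return { kind: 'data', detail: '' };
  }
  return { kind: 'unexpected', detail: `${resp.status} ${type}` };
}

// Constructed sample exchanges (not taken from the thread).
const URL_DATA = 'http://app.example/secure/data';
const SAMPLE_OK = { status: 200, requestedUrl: URL_DATA, finalUrl: URL_DATA,
  headers: { 'Content-Type': 'application/json' }, body: '{"rows":[]}' };
const SAMPLE_REDIRECT = { status: 302, requestedUrl: URL_DATA, finalUrl: URL_DATA,
  headers: { Location: 'http://app.example/login.jsp' }, body: '' };
const SAMPLE_LOGIN = { status: 200, requestedUrl: URL_DATA, finalUrl: URL_DATA,
  headers: { 'content-type': 'text/html;charset=UTF-8' },
  body: '<form method="POST" action="j_security_check"><input name="j_username"></form>' };

for (const s of [SAMPLE_OK, SAMPLE_REDIRECT, SAMPLE_LOGIN]) {
  console.log(s.status, classifyAjaxResponse(s).kind);
}
```

A `login-page` result means the client code received HTML where it expected data, so it has to check for that case explicitly and send the user to the login page itself.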


