Oliver Kohll wrote:
> Hi,
>
> I have security for a web application managed by a DataSource database
> realm. Using tomcat 5.5.14 this works fine but in 5.5.15 there seems to
> be a problem.
> The problem seems to be the <role-name>*</role-name> line. If I put a
> specific role in, users in that role can log in but the * wildcard
> doesn't work. A 403 HTTP rejection is issued if the user inputs a
> correct username and password (if they put in the wrong username/
> password, it prompts again as expected). As users themselves can add
> roles to the database, I don't know what the roles may be so I have to
> use the wildcard.

The special role "*" means all roles specified in web.xml. It does not mean all roles specified in the realm nor does it mean all authenticated users.

The fix for 15570 was to correctly handle "*". It used to be interpreted as all authenticated users. It is now correctly interpreted as all roles defined in web.xml.

Mark
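
The "*" semantics described in the reply above, as an added example that is not part of the original thread: a Python check that expands "*" to the roles declared in web.xml and tests an authenticated user's realm roles against the result. It assumes "roles specified in web.xml" means the `<security-role>` declarations; the descriptor, the role names and the function names are constructed, and URL patterns and HTTP methods are ignored.

```python
import xml.etree.ElementTree as ET

# Constructed deployment descriptor for illustration (not from the thread).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>app</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>admin</role-name></security-role>
  <security-role><role-name>staff</role-name></security-role>
</web-app>"""


def children(elem, name):
    """Direct children with the given local name (any XML namespace)."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]


def declared_roles(root):
    """Roles listed in the <security-role> elements of web.xml."""
    return {r.text.strip() for sr in children(root, "security-role")
            for r in children(sr, "role-name") if r.text}


def allowed_roles(root):
    """Effective role set of each <auth-constraint>, with "*" expanded."""
    result = []
    for sc in children(root, "security-constraint"):
        for ac in children(sc, "auth-constraint"):
            roles = {r.text.strip() for r in children(ac, "role-name") if r.text}
            if "*" in roles:  # "*" = every role declared in web.xml
                roles = (roles - {"*"}) | declared_roles(root)
            result.append(roles)
    return result


def is_authorized(root, user_roles):
    """True if the user's realm roles satisfy every auth-constraint."""
    return all(set(user_roles) & roles for roles in allowed_roles(root))


if __name__ == "__main__":
    root = ET.fromstring(WEB_XML)
    print(is_authorized(root, {"staff"}))      # True: role is declared in web.xml
    print(is_authorized(root, {"reviewers"}))  # False: realm-only role, request is rejected
```

A user whose only roles exist in the realm database but not in web.xml authenticates successfully and is still denied, which matches the 403 reported in the question.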