Oops no it didn't, my mistake. The app now doesn't prompt for
authentication at all. Is there a way of getting it to work so that
the authentication is used but you don't have to hard code roles in
web.xml?
Regards,
Oliver
Begin forwarded message:
From: Oliver Kohll <[EMAIL PROTECTED]>
Date: 6 February 2006 10:54:55 GMT
To: "Tomcat Users List" <users@tomcat.apache.org>
Subject: Re: auth-constraint in web.xml in tomcat 5.5.15
Thanks. Commenting out the <auth-constraint> got the result I want.
Oliver
On 3 Feb 2006, at 17:54, Mark Thomas wrote:
Oliver Kohll wrote:
Hi,
I have security for a web application managed by a DataSource
database
realm. Using tomcat 5.5.14 this works fine but in 5.5.15 there
seems to
be a problem.
The problem seems to be the <role-name>*</role-name> line. If I
put a
specific role in, users in that role can log in but the * wildcard
doesn't work. A 403 HTTP rejection is issued if the user inputs a
correct username and password (if they put in the wrong username/
password, it prompts again as expected). As users themselves can add
roles to the database, I don't know what the roles may be so I
have to
use the wildcard.
The special role "*" means all roles specified in web.xml. It does
not
mean all roles specified in the realm nor does it mean all
authenticated users.
The fix for 15570 was to correctly handle "*". It used to be
interpreted as all authenticated users. It is now correctly
interpreted as all roles defined in web.xml.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] / 0845 456 1810 / 07814 828608
Furze Bank, 34 Hanover Street, SWANSEA UK, SA1 6BA
NOTE
No contracts may be concluded on behalf of GT webMarque by means of
e-mail
communications. The contents of this e-mail are confidential to the
intended recipient at the e-mail address to which it has been
addressed;
it may not be disclosed to or used by anyone other than this
addressee,
nor may it be copied in any way. If received in error please return to
sender via e-mail.
DISCLAIMER
Please note that neither GT webMarque Ltd nor the sender accept any
responsibility for viruses transmitted via e-mail. It is your
responsibility to scan attachments (if any).
[EMAIL PROTECTED] / 0845 456 1810 / 07814 828608
Furze Bank, 34 Hanover Street, SWANSEA UK, SA1 6BA
NOTE
No contracts may be concluded on behalf of GT webMarque by means of e-
mail
communications. The contents of this e-mail are confidential to the
intended recipient at the e-mail address to which it has been addressed;
it may not be disclosed to or used by anyone other than this addressee,
nor may it be copied in any way. If received in error please return to
sender via e-mail.
DISCLAIMER
Please note that neither GT webMarque Ltd nor the sender accept any
responsibility for viruses transmitted via e-mail. It is your
responsibility to scan attachments (if any).
