Thank you very much Caldarale.

Please, do you know how to define "any role"? The framework I use
takes care of authorization (based on service's methods). I only need
to authenticate the user, otherwise I would double the access
configuration.

Diogenes

2008/1/24, Caldarale, Charles R <[EMAIL PROTECTED]>:
> > From: Diogenes Gomes [mailto:[EMAIL PROTECTED]
> > Subject: Problem with protecting pages in Tomcat 5.5
> >
> >               <auth-constraint>
> >                       <role-name>*</role-name>
> >               </auth-constraint>
>
> IIRC, 5.0 misinterpreted a <role-name> setting of *; this was corrected
> in 5.5 and above.  The asterisk does not mean "any role", but rather
> "all defined roles".  (See section 12 of the servlet spec.)  You need to
> provide a set of valid roles via <security-role> in your web.xml file.
>
> > <Context debug="99" docBase="${catalina.home}/webapps/testeweb"
> >       path="/testeweb">
>
> Take out the docBase and path attributes - they're not allowed when the
> <Context> element is in META-INF/context.xml (where it should be).
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail
> and its attachments from all computers.
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to