Problem deploying web applications that have security-constraints in web.xml but use no authentication and security roles

Sat, 05 Aug 2006 23:10:09 -0700

Hi,

I have a web application that has the following security-constraint in the web.xml

   <security-constraint>
     <web-resource-collection>
       <web-resource-name>Secure</web-resource-name>
       <url-pattern>/secure/AuthorizationServlet</url-pattern>
     </web-resource-collection>
     <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
     </user-data-constraint>
   </security-constraint>

My application does not use any security roles and does not authenticate against any security realm.  All this security-constraint does is that the requests are forwarded to HTTPS port (enabled for ClientAuth) and the application uses Client Certifcates for authorization.  In G1.0, I could deploy this application without using a geronimo-web.xml and the application runs fine.

G1.1 does not allow me to deploy this application without a deployment plan.  Even with a deployment plan, G1.1 comes back with errors that there are no security elements in the deployment plan.  The following messages are displayed in the console.

Deployer operation failed: web.xml for web app tutorial/cert-auth-sample/1.0/war
 includes security elements but Geronimo deployment plan is not provided or does
 not contain <security-realm-name> element necessary to configure security accor
dingly.
org.apache.geronimo.common.DeploymentException: web.xml for web app tutorial/cer
t-auth-sample/1.0/war includes security elements but Geronimo deployment plan is
 not provided or does not contain <security-realm-name> element necessary to con
figure security accordingly.

Clearly, I can not put any security-realm-name and role-mapping elements in geronimo-web.xml .  If I put a security-realm-name tag and/or role-mappings to get past the deployment, access to the resource will be denied since I have not put any auth-constraint tags web.xml

Any suggestions on how to get past this problem?  Or is this a bug in G1.1?

Thanks and regards,
Vamsi

Reply via email to