IllegalArgumentException when deploying WebApp containing a url-pattern of /*
in security-constraint
----------------------------------------------------------------------------------------------------
Key: GERONIMO-603
URL: http://issues.apache.org/jira/browse/GERONIMO-603
Project: Geronimo
Type: Bug
Components: web
Reporter: John Sisson
For example,
<web-app>
..
<security-constraint>
<web-resource-collection>
<web-resource-name>Access to all of the APP</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
..
</security-constraint>
..
</web-app>
The java.lang.IllegalArgumentException("Qualifier patterns in the
URLPatternSpec cannot match the first URLPattern") exception is thrown from:
javax.security.jacc.URLPatternSpec.<init>(java.lang.String) line: 54
javax.security.jacc.WebResourcePermission.<init>(java.lang.String,
java.lang.String) line: 54
org.apache.geronimo.jetty.deployment.JettyModuleBuilder.buildSpecSecurityConfig(..)
line: 1000
org.apache.geronimo.jetty.deployment.JettyModuleBuilder.addGBeans(..) line: 400
Looking at the last paragraph of page 22 of the JACC spec, it seems this should
be allowed as it paragraph discusses patterns being made irrelevant by the
presence of the path prefix pattern "/*" in a deployment descriptor.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
