Page 22, last paragraph of JACC reads - "........................ Any pattern, qualified by a pattern that matches it, is overridden and made irrelevant (in the translation) by the qualifying pattern. Specifically, all extension patterns and the default pattern are made irrelevant by the presence of the path prefix pattern "/*" in a deployment descriptor. Patterns qualified by the "/*" pattern violate the URLPatternSpec constraints of WebResourcePermission and WebUserDataPermission names and must be rejected by the corresponding permission constructors." Thanks Anita
--- John Sisson <[EMAIL PROTECTED]> wrote: > This appears to be related to the issue raised > around M4 with Jetty. I > hadn't tried tomcat at the time. > > http://issues.apache.org/jira/browse/GERONIMO-603 > > John > > > anita kulshreshtha wrote: > > Hmmm... , debug tool (G-1448) required a similar > > modification. Is it time to recite the specs...? > > > > Thanks > > Anita > > > > --- "Aaron Mulder (JIRA)" > <[email protected]> > > wrote: > > > > > >> Web app security on /* causes deployment > exception > >> > -------------------------------------------------- > >> > >> Key: GERONIMO-1585 > >> URL: > >> > http://issues.apache.org/jira/browse/GERONIMO-1585 > >> Project: Geronimo > >> Type: Bug > >> Components: web > >> Versions: 1.0 > >> Environment: Geronimo 1.0 with Jetty > >> Reporter: Aaron Mulder > >> Priority: Critical > >> Fix For: 1.0.1, 1.1 > >> > >> > >> Deploying a web app with the following security > >> block causes a deployment error: > >> > >> <security-constraint> > >> <web-resource-collection> > >> <web-resource-name>All > >> Pages</web-resource-name> > >> <url-pattern>/*</url-pattern> > >> <http-method>GET</http-method> > >> <http-method>POST</http-method> > >> <http-method>PUT</http-method> > >> </web-resource-collection> > >> <auth-constraint> > >> <role-name>User</role-name> > >> </auth-constraint> > >> </security-constraint> > >> > >> Note this is essentially right out of the spec > (see > >> SRV.12.8.2 in the Servlet 2.4 spec). > >> > >> The error is: > >> > >> > org.apache.geronimo.common.DeploymentException: > >> Unable to initialize webapp GBean > >> at > >> > >> > > > org.apache.geronimo.jetty.deployment.JettyModuleBuilder.addGBeans(JettyModuleBuilder.java:842) > > > >> ... > >> Caused by: > java.lang.IllegalArgumentException: > >> Qualifier patterns in the URLPatternSpec cannot > >> match the first URLPattern > >> at > >> > >> > > > javax.security.jacc.URLPatternSpec.<init>(URLPatternSpec.java:54) > > > >> at > >> > >> > > > javax.security.jacc.WebResourcePermission.<init>(WebResourcePermission.java:54) > > > >> at > >> > >> > > > org.apache.geronimo.jetty.deployment.JettyModuleBuilder.buildSpecSecurityConfig(JettyModuleBuilder.java:1215) > > > >> at > >> > >> > > > org.apache.geronimo.jetty.deployment.JettyModuleBuilder.addGBeans(JettyModuleBuilder.java:821) > > > >> ... 70 more > >> > >> Changing the url-pattern to / fixes the problem, > but > >> it seems to me that /* ought to work too. > >> > >> -- > >> This message is automatically generated by JIRA. > >> - > >> If you think it was sent incorrectly contact one > of > >> the administrators: > >> > >> > >> > > > http://issues.apache.org/jira/secure/Administrators.jspa > > > >> - > >> For more information on JIRA, see: > >> http://www.atlassian.com/software/jira > >> > >> > >> > > > > > > __________________________________________________ > > Do You Yahoo!? > > Tired of spam? Yahoo! Mail has the best spam > protection around > > http://mail.yahoo.com > > > > > > > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
