Aaron,
I have unit tested this on jetty and it is working
on tomcat-server. The change is too small for a patch.
Thanks
Anita
--- "Anita Kulshreshtha (JIRA)"
<[email protected]> wrote:
> [
>
http://issues.apache.org/jira/browse/GERONIMO-1585?page=comments#action_12365630
> ]
>
> Anita Kulshreshtha commented on GERONIMO-1585:
> ----------------------------------------------
>
> Aaron could you please add a line pat = "/" as shown
> here in o.a.g.security.util.URLPattern and test if
> your app works.
>
> public URLPattern(String pat) {
> if (pat == null)
> t......................................
> if (pat.length() == 0)
> ...............................................
>
> if (pat.equals("/") || pat.equals("/*")) {
> type = DEFAULT;
> pat = "/";
> <------------------------------ new line
> . .}else
> ............................................
>
> > Web app security on /* causes deployment exception
> > --------------------------------------------------
> >
> > Key: GERONIMO-1585
> > URL:
> http://issues.apache.org/jira/browse/GERONIMO-1585
> > Project: Geronimo
> > Type: Bug
> > Components: web, security
> > Versions: 1.0
> > Environment: Geronimo 1.0 with Jetty
> > Reporter: Aaron Mulder
> > Priority: Critical
> > Fix For: 1.0.1, 1.1
>
> >
> > Deploying a web app with the following security
> block causes a deployment error:
> > <security-constraint>
> > <web-resource-collection>
> > <web-resource-name>All
> Pages</web-resource-name>
> > <url-pattern>/*</url-pattern>
> > <http-method>GET</http-method>
> > <http-method>POST</http-method>
> > <http-method>PUT</http-method>
> > </web-resource-collection>
> > <auth-constraint>
> > <role-name>User</role-name>
> > </auth-constraint>
> > </security-constraint>
> > Note this is essentially right out of the spec
> (see SRV.12.8.2 in the Servlet 2.4 spec).
> > The error is:
> >
> org.apache.geronimo.common.DeploymentException:
> Unable to initialize webapp GBean
> > at
>
org.apache.geronimo.jetty.deployment.JettyModuleBuilder.addGBeans(JettyModuleBuilder.java:842)
> > ...
> > Caused by: java.lang.IllegalArgumentException:
> Qualifier patterns in the URLPatternSpec cannot
> match the first URLPattern
> > at
>
javax.security.jacc.URLPatternSpec.<init>(URLPatternSpec.java:54)
> > at
>
javax.security.jacc.WebResourcePermission.<init>(WebResourcePermission.java:54)
> > at
>
org.apache.geronimo.jetty.deployment.JettyModuleBuilder.buildSpecSecurityConfig(JettyModuleBuilder.java:1215)
> > at
>
org.apache.geronimo.jetty.deployment.JettyModuleBuilder.addGBeans(JettyModuleBuilder.java:821)
> > ... 70 more
> > Changing the url-pattern to / fixes the problem,
> but it seems to me that /* ought to work too.
>
> --
> This message is automatically generated by JIRA.
> -
> If you think it was sent incorrectly contact one of
> the administrators:
>
>
http://issues.apache.org/jira/secure/Administrators.jspa
> -
> For more information on JIRA, see:
> http://www.atlassian.com/software/jira
>
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
