Upgrade to the latest JBoss+TomCat. There is a preconfigured snapshot
somewhere in the CVS, there have been anouncements about it about a week
ago. This issue has been fixed in the new release.
Anatoly.
On Fri, 9 Mar 2001, Michael Azzi wrote:
> Hi,
>
> I have a very basic question about J2EE security in JBOSS-TOMCAT. I am
> sure this question has been asked many times before, but I have not
> been able to find anything in the archives that directly answers it. I
> have a simple web app (primer) with just a jsp component, and no ejb
> component. I am trying to attach security constraints to this web app
> as per the J2EE spec. the web.xml looks like this:
>
> <?xml version="1.0" encoding="ISO-8859-1"?>
>
> <!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application
> 2.2//EN' 'http://java.sun.com/j2ee/dtds/web-app_2.2.dtd'>
>
> <web-app>
> <display-name>Primer Web Application</display-name>
> <welcome-file-list>
> <welcome-file>index.jsp</welcome-file>
> </welcome-file-list>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>primer</web-resource-name>
> <url-pattern>/index.jsp</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>ADMIN</role-name>
> <role-name>SYSADMIN</role-name>
> </auth-constraint>
> </security-constraint>
> <login-config>
> <auth-method>FORM</auth-method>
> <form-login-config>
> <form-login-page>/login.jsp</form-login-page>
> <form-error-page>/login.jsp</form-error-page>
> </form-login-config>
> </login-config>
> <security-role>
> <description>System Administrators</description>
> <role-name>SYSADMIN</role-name>
> </security-role>
> <security-role>
> <description>Firm Administrators</description>
> <role-name>ADMIN</role-name>
> </security-role>
> </web-app>
>
> Now, when I run this web app in tomcat alone (ie no jboss is involved, just
> tomcat) it works fine, and the
> login page (login.jsp) comes up. But when I run it from jboss either as
> standalone, or embedded, the login page
> does not come up at all. Instead it goes directly to index.jsp, as if the
> security constraints did not get enforced.
>
> I would greatly appreciate it if someone could just tell me what am I doing
> wrong here.
> I am using JBOSS2.0 Final with Tomcat 3.2
>
> Thanks in advance.
>
> Mike.
>
>
>
> --
> --------------------------------------------------------------
> To subscribe: [EMAIL PROTECTED]
> To unsubscribe: [EMAIL PROTECTED]
>
>
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
