[ http://issues.apache.org/jira/browse/JS2-496?page=comments#action_12366753 ]
Jian Liao commented on JS2-496: ------------------------------- FYI, the following bug is related to this issue: 1. 37852: Fix regression where the magic role '*' was denying all access. Patch by xrcat (billbarker) 2. 15570: auth-constraint of * was interpretted as all authenticated users rather than as all roles defined in web.xml. (markt) Class: org.apache.catalina.realm.RealmBase, line 726 to 777. Link: http://tomcat.apache.org/tomcat-5.5-doc/changelog.html - Jian Liao > J2 on tomcat 5.5.15: 403 returned to client browser when any user that > doesn't have admin role attempts to log in > ----------------------------------------------------------------------------------------------------------------- > > Key: JS2-496 > URL: http://issues.apache.org/jira/browse/JS2-496 > Project: Jetspeed 2 > Type: Bug > Components: Security > Versions: 2.0-FINAL > Environment: Tomcat 5.5.15 (JDK 1.5, Apache 2, Fedora Core 3) > Reporter: Aaron Evans > > When J2 is deployed on tomcat 5.5.15, whenever any user that does not have > the admin role logs in, a 403 is returned for the URI /login/redirector. > This does not occur on earlier releases of tomcat (5.5.9 for example). > The user is in fact authenticated, for if you delete the /login/redirector > from the URL in the browser and refresh, then the main page of the portal is > shown and the user is authenticated. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
