RE: [jira] Commented: (JS2-496) J2 on tomcat 5.5.15: 403 returned to client browser when any user that doesn't have admin role attempts to log in

Fri, 24 Feb 2006 05:37:33 -0800 

So this is a tomcat bug, right?

-----Original Message-----
From: Jian Liao (JIRA) [mailto:[EMAIL PROTECTED]
Sent: Friday, February 17, 2006 12:35 AM
To: [EMAIL PROTECTED]
Subject: [jira] Commented: (JS2-496) J2 on tomcat 5.5.15: 403 returned
to client browser when any user that doesn't have admin role attempts to
log in


    [ 
http://issues.apache.org/jira/browse/JS2-496?page=comments#action_12366753 ] 

Jian Liao commented on JS2-496:
-------------------------------

FYI, the following bug is related to this issue:

1. 37852: Fix regression where the magic role '*' was denying all access. Patch 
by xrcat (billbarker)
2. 15570: auth-constraint of * was interpretted as all authenticated users 
rather than as all roles defined in web.xml. (markt)

Class: org.apache.catalina.realm.RealmBase, line 726 to 777.
Link: http://tomcat.apache.org/tomcat-5.5-doc/changelog.html


- Jian Liao

> J2 on tomcat 5.5.15: 403 returned to client browser when any user that 
> doesn't have admin role attempts to log in
> -----------------------------------------------------------------------------------------------------------------
>
>          Key: JS2-496
>          URL: http://issues.apache.org/jira/browse/JS2-496
>      Project: Jetspeed 2
>         Type: Bug
>   Components: Security
>     Versions: 2.0-FINAL
>  Environment: Tomcat 5.5.15 (JDK 1.5, Apache 2, Fedora Core 3)
>     Reporter: Aaron Evans

>
> When J2 is deployed on tomcat 5.5.15, whenever any user that does not have 
> the admin role logs in, a 403 is returned for the URI /login/redirector.
> This does not occur on earlier releases of tomcat (5.5.9 for example).
> The user is in fact authenticated, for if you delete the /login/redirector 
> from the URL in the browser and refresh, then the main page of the portal is 
> shown and the user is authenticated.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to