That is a bug in Tomcat 5.5.12 and previous versions. Tomcat 5.5.15 fixed it, but IMHO Jetspeed 2 cannot work with Tomcat 5.5.15 because there is something wrong in jetspeed.war/WEB-INF/web.xml.

On 2/24/06, Aaron Evans <[EMAIL PROTECTED]> wrote:
>
> So this is a tomcat bug, right?
>
> -----Original Message-----
> From: Jian Liao (JIRA) [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 17, 2006 12:35 AM
> To: [EMAIL PROTECTED]
> Subject: [jira] Commented: (JS2-496) J2 on tomcat 5.5.15: 403 returned to client browser when any user that doesn't have admin role attempts to log in
>
> [ http://issues.apache.org/jira/browse/JS2-496?page=comments#action_12366753 ]
>
> Jian Liao commented on JS2-496:
> -------------------------------
>
> FYI, the following bugs are related to this issue:
>
> 1. 37852: Fix regression where the magic role '*' was denying all access. Patch by xrcat (billbarker)
> 2. 15570: auth-constraint of * was interpreted as all authenticated users rather than as all roles defined in web.xml. (markt)
>
> Class: org.apache.catalina.realm.RealmBase, line 726 to 777.
> Link: http://tomcat.apache.org/tomcat-5.5-doc/changelog.html
>
> - Jian Liao
>
> > J2 on tomcat 5.5.15: 403 returned to client browser when any user that doesn't have admin role attempts to log in
> > ----------------------------------------------------------------
> >
> > Key: JS2-496
> > URL: http://issues.apache.org/jira/browse/JS2-496
> > Project: Jetspeed 2
> > Type: Bug
> > Components: Security
> > Versions: 2.0-FINAL
> > Environment: Tomcat 5.5.15 (JDK 1.5, Apache 2, Fedora Core 3)
> > Reporter: Aaron Evans
> >
> > When J2 is deployed on tomcat 5.5.15, whenever any user that does not have the admin role logs in, a 403 is returned for the URI /login/redirector.
> > This does not occur on earlier releases of tomcat (5.5.9 for example).
> > The user is in fact authenticated, for if you delete the /login/redirector from the URL in the browser and refresh, then the main page of the portal is shown and the user is authenticated.
>
> --
> This message is automatically generated by JIRA.

--
thanks,
- Jian Liao
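
The two readings of `*` named in changelog item 15570 above, modelled as an added example (not code from Tomcat, Jetspeed or this thread). The role names, the users and the declared-role list are constructed assumptions; the descriptor shipped in jetspeed.war is not reproduced here.

```python
"""Model of the two readings of <role-name>*</role-name> in an auth-constraint."""


def allowed_old_reading(user_roles, constraint_roles, declared_roles):
    """Behaviour changelog item 15570 describes as the old one:
    '*' admits every authenticated user, whatever roles they hold."""
    if "*" in constraint_roles:
        return True  # the caller has already authenticated
    return bool(set(user_roles) & set(constraint_roles))


def allowed_new_reading(user_roles, constraint_roles, declared_roles):
    """Behaviour after the fix: '*' expands to the roles declared in
    web.xml, so the user must hold at least one declared role."""
    effective = set(constraint_roles)
    if "*" in effective:
        effective = set(declared_roles)
    return bool(set(user_roles) & effective)


def status(allowed):
    """HTTP status an authenticated user sees for the protected URI."""
    return 200 if allowed else 403


# Constructed sample data (assumptions, not taken from jetspeed.war).
DECLARED = ["admin"]                      # roles declared in the descriptor
CONSTRAINT = ["*"]                        # auth-constraint on the URI
USERS = {"alice": ["admin"], "bob": ["user"]}


def compare(users=USERS, constraint=CONSTRAINT, declared=DECLARED):
    """Return {user: (status under old reading, status under new reading)}."""
    return {
        name: (status(allowed_old_reading(roles, constraint, declared)),
               status(allowed_new_reading(roles, constraint, declared)))
        for name, roles in users.items()
    }


if __name__ == "__main__":
    for name, (old, new) in compare().items():
        print(f"{name}: old reading -> {old}, new reading -> {new}")
```

Under these assumptions a user whose only role is not declared in the descriptor passes the old reading and gets a 403 under the new one, which is the symptom reported in JS2-496; declaring the role removes the difference.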
