Orion/1.0rc2 - orion.jar filesize 1,541,119 bytes
The following is thrown:
java.lang.SecurityException
at com.evermind.server.http.HttpApplication.qz(JAX)
at com.evermind.server.http.HttpApplication.ry(JAX)
at com.evermind.server.http.dn.qz(JAX)
at com.evermind.server.http.HttpApplication.getRequestDispatcher(JAX)
at com.evermind.server.http.EvermindPageContext.include(JAX)
at
/motionbook/motionbook.jsp._jspService(/motionbook/motionbook.jsp.java:60) (JSP
page line 44)
at com.evermind.server.http.EvermindHttpJspPage.service(JAX)
at com.evermind.server.http.dd.o2(JAX)
at com.evermind.server.http.dd.forward(JAX)
at com.evermind.server.http.dk.o7(JAX)
at com.evermind.util.e.run(JAX)
I have configured to use servlet mapping to a .jsp file. There is a security
contstraint for all *.jsp files in the directory of the mapped .jsp file.
<servlet>
<description>no description</description>
<display-name>centralJsp</display-name>
<servlet-name>webTierEntryPoint</servlet-name>
<jsp-file>/motionbook/motionbook.jsp</jsp-file>
<!--<load-on-startup>-1</load-on-startup>-->
<load-on-startup>1000</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>webTierEntryPoint</servlet-name>
<url-pattern>/motion/*</url-pattern>
</servlet-mapping>
The url that I type is http://localhost/motion/ - then the exception is thrown
It does work if I first go http://localhost/motionbook/motionbook.jsp - The
login screens are displayed accordingly and I am allowed access. I then can go
back to http://localhost/motion/ and everything works fine.
This worked in Orion/rc2 build 9 and the first Orion/rc2 file size 1,536,851
I am on WinNT 4.0, Sun jdk1.2.2
If I am doing something incorrect, please advise - Thanks!
Evan Vaala
Here are my config files:
orion/apps/ra-app/ra-web/Web-inf/web.xml
========================================
<?xml version="1.0"?>
<!DOCTYPE web-application SYSTEM "web-application.dtd">
<web-app>
<display-name>Rockwell Automation</display-name>
<description>
A small demo web-app demonstrating
interaction between JSP and EJB.
</description>
<!--<development>true</development>-->
<session-config>
<session-timeout>120</session-timeout>
</session-config>
<taglib>
<taglib-uri>ejbtags</taglib-uri>
<taglib-location>/WEB-INF/lib/ejbtags.jar</taglib-location>
</taglib>
<taglib>
<taglib-uri>utiltags</taglib-uri>
<taglib-location>/WEB-INF/lib/utiltags.jar</taglib-location>
</taglib>
<taglib>
<taglib-uri>ratags</taglib-uri>
<taglib-location>/WEB-INF/lib/ratags.jar</taglib-location>
</taglib>
<servlet>
<description>no description</description>
<display-name>centralJsp</display-name>
<servlet-name>webTierEntryPoint</servlet-name>
<jsp-file>/motionbook/motionbook.jsp</jsp-file>
<!--<load-on-startup>-1</load-on-startup>-->
<load-on-startup>1000</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>webTierEntryPoint</servlet-name>
<url-pattern>/motion/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<url-pattern>/labels/labelit.jsp</url-pattern>
<url-pattern>/mfg/bom.jsp</url-pattern>
<http-method>*</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>labelusers</role-name>
<role-name>administrators</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<url-pattern>/ledger/*.jsp</url-pattern>
<http-method>*</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>accounting</role-name>
<role-name>administrators</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<url-pattern>/motionbook/*.jsp</url-pattern>
<http-method>*</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>motionbook</role-name>
<role-name>administrators</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/login-error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>administrators</role-name>
<description>Registered administrators of this app.</description>
</security-role>
<security-role>
<role-name>labelusers</role-name>
<description>Registered users of this app. Can add news
etc.</description>
</security-role>
<security-role>
<role-name>accounting</role-name>
<description>Accounting security</description>
</security-role>
<security-role>
<role-name>motionbook</role-name>
<description>Motionbook security</description>
</security-role>
</web-app>
orion/apps/ra-app/meta-inf/application.xml
==========================================
<?xml version="1.0"?>
<!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application
1.2//EN" "http://java.sun.com/j2ee/dtds/application_1_2.dtd">
<application>
<display-name>ra</display-name>
<module>
<web>
<web-uri>ra-web</web-uri>
<context-root>/</context-root>
</web>
</module>
<security-role>
<description>Registered administrators of this app.</description>
<role-name>administrators</role-name>
</security-role>
<security-role>
<description>Registered users of this app. Can add news
etc.</description>
<role-name>users</role-name>
</security-role>
<security-role>
<description>The label users</description>
<role-name>labelusers</role-name>
</security-role>
<security-role>
<description>accounting users</description>
<role-name>accounting</role-name>
</security-role>
<security-role>
<description>Motionbook users</description>
<role-name>motionbook</role-name>
</security-role>
</application>
orion/config/principals.xml
===========================
<?xml version="1.0"?>
<!DOCTYPE principals PUBLIC "//Evermind - Orion Principals//"
"http://www.orionserver.com/dtds/principals.dtd">
<principals>
<groups>
<group name="administrators">
<description>administrators</description>
<permission name="administration" />
<permission
name="com.evermind.server.AdministrationPermission" />
</group>
<group name="guests">
<description>guests</description>
</group>
<group name="users">
<description>users</description>
<permission name="rmi:login" />
<permission name="com.evermind.server.rmi.RMIPermission" />
</group>
<group name="labelusers">
<description>label users</description>
<permission name="rmi:login" />
<permission name="com.evermind.server.rmi.RMIPermission" />
</group>
<group name="accounting">
<description>accounting users</description>
<permission name="rmi:login" />
<permission name="com.evermind.server.rmi.RMIPermission" />
</group>
<group name="motionbook">
<description>motionbook users</description>
<permission name="rmi:login" />
<permission name="com.evermind.server.rmi.RMIPermission" />
</group>
</groups>
<users>
<user username="admin" password="123">
<description>The default administrator</description>
<group-membership group="administrators" />
<group-membership group="guests" />
<group-membership group="users" />
</user>
<user username="user" password="456">
<description>The default user</description>
<group-membership group="guests" />
<group-membership group="users" />
</user>
<user username="labels" password="labels">
<description>The label user</description>
<group-membership group="guests" />
<group-membership group="labelusers" />
</user>
<user username="accountant" password="accountant">
<description>accounting user</description>
<group-membership group="guests" />
<group-membership group="accounting" />
</user>
<user username="motionbook" password="motionbook">
<description>Motionbook user</description>
<group-membership group="motionbook" />
</user>
<user username="anonymous" password="">
<description>The default guest/anonyomous user</description>
<group-membership group="guests" />
</user>
</users>
</principals>
