RE: Security constraint problem with v4.1.18
Hi Peter, I think we need more info to help. Your web.xml update looks okay to me. Double check with \tomcat\webapps\examples\WEB-INF\web.xml as it also uses a protected area. What authorization scheme do you use: form-based, basic auth ? If form-based send the corresponding parts of your web.xml and info about the directory structure of your login components What browser do you use? IE? I'm asking because of a weird problem: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13861 (if you can confirm this, subscribe, vote, I'm trying to find a workaround for this problem, although I won't start patching... I think this problem is somehow connected to requiring roles, without that confidential seems to work... Strange... I'll keep an eye on that) What ports is Tomcat running on? 8080/8443 or 80/443? What does not work mean? Error messages, what happens, what doesn't happen, what should happen? Michael -Original Message- From: Peter Lee [mailto:[EMAIL PROTECTED]] Sent: Freitag, 27. Dezember 2002 21:22 To: [EMAIL PROTECTED] Subject: RE: Security constraint problem with v4.1.18 On 25 Dec 2002 at 13:30, mech wrote: I cannot tell if there's a difference between 4.1.12 and 4.1.18 as I'm still using 4.1.15. I would first change the url pattern to url-pattern/protected/*/url-pattern So, I changed it. Second add security-rolerole-namemyrole/role-name/security-role Tags under the document root for all roles you use. As far as I know your auth-constaintrole-names reference to these security-roles. I never tried what happens if you don't specify these, too. I also added security-rolerole-namemyrole/role-name/security-role under the web-app tag in my web.xml file Is this the correct file? It still didn't work. Thanks Mech P.S. Merry Christmas! -Original Message- From: Peter Lee [mailto:[EMAIL PROTECTED]] Sent: Mittwoch, 25. Dezember 2002 00:01 To: [EMAIL PROTECTED] Subject: Security constraint problem with v4.1.18 I upgraded from 4.1.12 to 4.1.18, but I got some problems with security constraints. I have applied a security constraint on a particular url pattern. Only certain users with a special rolename can access that link. It used to work but now the page does not load with v4.1.18. Is SSL implemented differently after v4.1.12 that prevents my application fromworking? Is there any documentation on tomcat v4.1.18 SSL security stuff? Here is my security constraint in web.xml: security-constraint web-resource-collection web-resource-nameSSLResource/web-resource-name url-pattern/protected/url-pattern /web-resource-collection auth-constraint role-namemyrole/role-name /auth-constraint user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint -- To unsubscribe, e-mail: mailto:tomcat-user- [EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:tomcat-user- [EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Security constraint problem with v4.1.18
I cannot tell if there's a difference between 4.1.12 and 4.1.18 as I'm still using 4.1.15. I would first change the url pattern to url-pattern/protected/*/url-pattern Second add security-rolerole-namemyrole/role-name/security-role Tags under the document root for all roles you use. As far as I know your auth-constaintrole-names reference to these security-roles. I never tried what happens if you don't specify these, too. Mech P.S. Merry Christmas! -Original Message- From: Peter Lee [mailto:[EMAIL PROTECTED]] Sent: Mittwoch, 25. Dezember 2002 00:01 To: [EMAIL PROTECTED] Subject: Security constraint problem with v4.1.18 I upgraded from 4.1.12 to 4.1.18, but I got some problems with security constraints. I have applied a security constraint on a particular url pattern. Only certain users with a special rolename can access that link. It used to work but now the page does not load with v4.1.18. Is SSL implemented differently after v4.1.12 that prevents my application fromworking? Is there any documentation on tomcat v4.1.18 SSL security stuff? Here is my security constraint in web.xml: security-constraint web-resource-collection web-resource-nameSSLResource/web-resource-name url-pattern/protected/url-pattern /web-resource-collection auth-constraint role-namemyrole/role-name /auth-constraint user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint -- To unsubscribe, e-mail: mailto:tomcat-user- [EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Security constraint problem with v4.1.18
I upgraded from 4.1.12 to 4.1.18, but I got some problems with security constraints. I have applied a security constraint on a particular url pattern. Only certain users with a special rolename can access that link. It used to work but now the page does not load with v4.1.18. Is SSL implemented differently after v4.1.12 that prevents my application fromworking? Is there any documentation on tomcat v4.1.18 SSL security stuff? Here is my security constraint in web.xml: security-constraint web-resource-collection web-resource-nameSSLResource/web-resource-name url-pattern/protected/url-pattern /web-resource-collection auth-constraint role-namemyrole/role-name /auth-constraint user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Security constraint problem with v4.1.18
I upgraded from 4.1.12 to 4.1.18, but I got some problems with security constraints. I have applied a security constraint on a particular url pattern. Only certain users with a special rolename can access that link. It used to work but now the page does not load with v4.1.18. Is SSL implemented differently after v4.1.12 that prevents my application fromworking? security-constraint web-resource-collection web-resource-nameSSLResource/web-resource-name url-pattern/protected/url-pattern /web-resource-collection auth-constraint role-namemyrole/role-name /auth-constraint user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]