DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9023>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9023 Servlet Container does not convert the roles, which wherer specified in the Element <security-role-ref> Summary: Servlet Container does not convert the roles, which wherer specified in the Element <security-role-ref> Product: Tomcat 4 Version: 4.0.1 Final Platform: PC OS/Version: Windows NT/2K Status: NEW Severity: Normal Priority: Other Component: Servlet & JSP API AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] The Tomcat Servlet Container does not convert the roles, which where specified in the Element <security-role-ref>. The following test szenario could be used to detect the error. 1.) insert the JSP test.jsp in an web-archive 2.) modify the deployment descriptor as shown 3.) start the tomcat server 4.) request the JSP and login as tomcat/tomcat or both/tomcat. The output is always false for the method isUserInrole. ---------------------------------------------------------------------------- JSP Testfile: 'test.jsp' ---------------------------------------------------------------------------- <html> <head> <title>test</title> </head> <body> <p> User is in referenced roleAlias1? <%= request.isUserInRole("roleAlias1") %> </p> <p> User is in referenced roleAlias2? <%= request.isUserInRole("roleAlias2") %> </p> </body> </html> ----------------------------------------------------------------------------- WEB.XML: ----------------------------------------------------------------------------- <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd";> <web-app> <servlet> <servlet-name>RoleReference</servlet-name> <jsp-file>/test.jsp</jsp-file> <security-role-ref> <role-name>roleAlias1</role-name> <role-link>role1</role-link> </security-role-ref> <security-role-ref> <role-name>roleAlias2</role-name> <role-link>tomcat</role-link> </security-role-ref> </servlet> <security-constraint> <display-name>test</display-name> <web-resource-collection> <web-resource-name>Collection1</web-resource-name> <url-pattern>/test.jsp</url-pattern> </web-resource-collection> <auth-constraint> <role-name>tomcat</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>default</realm-name> </login-config> <security-role> <role-name>role1</role-name> </security-role> <security-role> <role-name>tomcat</role-name> </security-role> </web-app> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
