On Fri, 6 Dec 2002, Peter Lee wrote:
> Date: Fri, 06 Dec 2002 03:52:38 -0800 > From: Peter Lee <[EMAIL PROTECTED]> > Reply-To: Tomcat Users List <[EMAIL PROTECTED]>, > [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Subject: Security role name warning > > I got the following warning. what does it really mean? > > WARNING: Security role name specialrole used in an <auth-constraint> without being >defined in a <security- > role> > It means what it says :-). According to the servlet specification, you are supposed to use a <security-role> element in web.xml to define *all* of the role names that your application uses, either directly in a security constraint or dynamically as an argument to request.isUserInRole(). Tomcat has never enforced this constraint, although some J2EE app servers do. This warning is there to nudge you towards making your web.xml file more compliant with the standards, without causing apps that don't do it to fail. Craig -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
