Hi Peter, I think we need more info to help.
Your web.xml update looks okay to me. Double check with \tomcat\webapps\examples\WEB-INF\web.xml as it also uses a protected area. What authorization scheme do you use: form-based, basic auth ? If form-based send the corresponding parts of your web.xml and info about the directory structure of your login components What browser do you use? IE? I'm asking because of a weird problem: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13861 (if you can confirm this, subscribe, vote, I'm trying to find a workaround for this problem, although I won't start patching... I think this problem is somehow connected to requiring "roles", without that "confidential" seems to work... Strange... I'll keep an eye on that) What ports is Tomcat running on? 8080/8443 or 80/443? What does "not work" mean? Error messages, what happens, what doesn't happen, what should happen? Michael > -----Original Message----- > From: Peter Lee [mailto:[EMAIL PROTECTED]] > Sent: Freitag, 27. Dezember 2002 21:22 > To: [EMAIL PROTECTED] > Subject: RE: Security constraint problem with v4.1.18 > > > On 25 Dec 2002 at 13:30, mech wrote: > > > I cannot tell if there's a difference between 4.1.12 and > 4.1.18 as I'm > > still using 4.1.15. > > > > I would first change the url pattern to > > <url-pattern>/protected/*</url-pattern> > > > > So, I changed it. > > > Second add > > <security-role><role-name>myrole</role-name></security-role> > > Tags under the document root for all roles you use. As far as I know > > your <auth-constaint><role-name>s reference to these > <security-role>s. I > > never tried what happens if you don't specify these, too. > > > > I also added > <security-role><role-name>myrole</role-name></security-role> under > the <web-app> tag in my web.xml file > Is this the correct file? > It still didn't work. > > Thanks > > > Mech > > > > P.S. Merry Christmas! > > > > > -----Original Message----- > > > From: Peter Lee [mailto:[EMAIL PROTECTED]] > > > Sent: Mittwoch, 25. Dezember 2002 00:01 > > > To: [EMAIL PROTECTED] > > > Subject: Security constraint problem with v4.1.18 > > > > > > > > > I upgraded from 4.1.12 to 4.1.18, but I got some problems > > > with security constraints. I have applied a security > > > constraint on a particular url pattern. Only certain users > > > with a special rolename can > > > access that link. It used to work but now the page does not > > > load with v4.1.18. Is SSL implemented differently after > > > v4.1.12 that prevents my application fromworking? > > > > > > Is there any documentation on tomcat v4.1.18 SSL security stuff? > > > > > > > > > Here is my security constraint in web.xml: > > > > > > <security-constraint> > > > <web-resource-collection> > > > <web-resource-name>SSLResource</web-resource-name> > > > <url-pattern>/protected</url-pattern> > > > </web-resource-collection> > > > <auth-constraint> > > > <role-name>myrole</role-name> > > > </auth-constraint> > > > <user-data-constraint> > > > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > > > </user-data-constraint> > > > </security-constraint> > > > > > > > > > > > > > > > > > > -- > > > To unsubscribe, e-mail: > > > <mailto:tomcat-user-> [EMAIL PROTECTED]> > > > For > > > additional commands, > > > e-mail: <mailto:[EMAIL PROTECTED]> > > > > > > > > > -- > > To unsubscribe, e-mail: > <mailto:tomcat-user-> [EMAIL PROTECTED]> > > For > additional commands, > e-mail: > > <mailto:[EMAIL PROTECTED]> > > > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
