David, thanks for your reply,
I'm using Geronimo 2.1.4, the latest. When you mention that you think it
works in 2.2, is that speaking of the future, or a typo?
Here is a portion of the geronimo-application.xml file:
<module>
    <web>RiskPortal_Kamakura_v3.1.00_b4667.war</web>
    <web-app
        xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1"
        xmlns:naming="http://geronimo.apache.org/xml/ns/naming-1.0" >
        <naming:resource-ref>
            <naming:ref-name>jdbc/RP_DB</naming:ref-name>
            <naming:resource-link>RPSystemDB</naming:resource-link>
        </naming:resource-ref>
    </web-app>
</module>
<sec:security></sec:security>
The security element is the same as in geronimo-web.xml which deploys
properly. The security element in web.xml just prevents direct access to
the specified resources, and is:
<security-constraint>
    <display-name>Unavailable_Raw_Pages</display-name>
    <web-resource-collection>
        <web-resource-name>RawPages</web-resource-name>
        <url-pattern>*.xhtml</url-pattern>
        <url-pattern>*.jsp</url-pattern>
        <url-pattern>*.jspx</url-pattern>
        <url-pattern>*.tiles</url-pattern>
        <http-method>POST</http-method>
        <http-method>GET</http-method>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint> </auth-constraint>
</security-constraint>
I make no claims to understanding geronimo deployment descriptors in detail,
but it seems like this should work. Am I missing something?
Thanks,
- Ray Clough
djencks wrote:
>
> Hi Ray, sorry for the delay.
>
> On Sep 19, 2009, at 5:35 PM, Ray Clough wrote:
>
>> In my web.xml file I have a security constraint which is intended
>> simply to block direct access to the jsp, jspx, xhtml files
>> directly. Here is the snippet from web.xml Unavailable_Raw_Pages
>> RawPages *.xhtml *.jsp *.jspx *.tiles POST GET PUT DELETE Since no
>> roles are defined, the content is completely blocked. When I deploy
>> the app as a WAR file to geronimo, this works well.
>
> I'm quite surprised at this. I would expect you would get the same
> message as you get with an ear.
>
>> Now when I'm trying to deploy as an EAR, it won't deploy with
>> message "web.xml for web app XXX.war includes security elements but
>> Geronimo deployment plan is not provided or does not contain element
>> necessary to configure security accordingly." I have tried various
>> different contents in geronimo-application.xml, but I always get the
>> same error. The app uses custom security, and I do not have any
>> security realm defined on Geronimo. Can I do this, and if so, how?
>> Thanks, - Ray Clough
>
> I'm pretty sure you need the <security/> element but I don't think you
> need anything inside. I don't recall if you need a security realm or
> not. As you say, you shouldn't really. I think I remember making
> this scenario work in 2.2 some time ago: it may not work in 2.1.x.
>
> I don't suppose you have a simple app to demonstrate the behavior?
>
> thanks
> david jencks
>
--
View this message in context:
http://www.nabble.com/security-constraint-question-tp25526829s134p25630427.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
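
Added example (not part of the thread and not Geronimo code): a small Python audit of a web.xml that reports, for each security-constraint, whether an empty auth-constraint denies all access and which standard HTTP methods its http-method list leaves outside the constraint. The sample document is constructed from the snippet in the message above; the function names and the STANDARD_METHODS list are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint quoted in the message, wrapped in a minimal <web-app>.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <display-name>Unavailable_Raw_Pages</display-name>
    <web-resource-collection>
      <web-resource-name>RawPages</web-resource-name>
      <url-pattern>*.xhtml</url-pattern> <url-pattern>*.jsp</url-pattern>
      <url-pattern>*.jspx</url-pattern> <url-pattern>*.tiles</url-pattern>
      <http-method>POST</http-method> <http-method>GET</http-method>
      <http-method>PUT</http-method> <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint> </auth-constraint>
  </security-constraint>
</web-app>"""

# Methods checked for coverage (assumption of this example: the common HTTP/1.1 set).
STANDARD_METHODS = ("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE")

def local(tag):
    """Strip an XML namespace so the audit works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def children(elem, name):
    return [c for c in elem if local(c.tag) == name]

def audit_web_xml(xml_text):
    """Return one finding per <security-constraint> in a web.xml document."""
    findings = []
    root = ET.fromstring(xml_text)
    for sc in (e for e in root.iter() if local(e.tag) == "security-constraint"):
        auth = children(sc, "auth-constraint")
        roles = [r.text.strip() for a in auth for r in children(a, "role-name")
                 if (r.text or "").strip()]
        patterns, uncovered = [], set()
        for wrc in children(sc, "web-resource-collection"):
            patterns += [(p.text or "").strip() for p in children(wrc, "url-pattern")]
            listed = {(m.text or "").strip().upper() for m in children(wrc, "http-method")}
            # No <http-method> covers every method; a list covers only the methods named.
            if listed:
                uncovered |= set(STANDARD_METHODS) - listed
        findings.append({
            "name": next(((d.text or "").strip() for d in children(sc, "display-name")), ""),
            "deny_all": bool(auth) and not roles,  # auth-constraint with no role-name
            "url_patterns": patterns,
            "uncovered_methods": sorted(uncovered),
        })
    return findings
```

For the constraint as posted, the audit reports deny-all on the four patterns with HEAD, OPTIONS and TRACE not covered; omitting the http-method elements makes the constraint apply to every method.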