[EMAIL PROTECTED] wrote: > Hi, > > I am having problem with Tomcat 5.5.17 jsp example of accessing > protected pages > (example: http://localhost:8080/jsp-examples/security/protected/) > > Logging with valid user and role: > user/password/role="tomcat/tomcat/tomcat" works fine. > Logging with a valid user and invalid role > (user/password/role="role1/tomcat/role1") results in msg 403 > (HTTP Status 403 - Access to the requested resource has been denied). > I am using supplied tomcat-users.xml. > > Before experimenting I made this role (role1) invalid by editing > webapps/jsp-examples/WEB-INF/web.xml file like: > ... > <auth-constraint> > <role-name>tomcat</role-name> > <!-- role-name>role1</role-name --> > </auth-constraint> > ... > > After receiving msg 403 applicatin will not work even with the valid > user role (msg 403 produced). > > I found the same problem for Tomcat4 reported at: > http://mail-archives.apache.org/mod_mbox/tomcat-dev/200204.mbox/[EMAIL > PROTECTED]
This was resolved as INVALID. See http://issues.apache.org/bugzilla/show_bug.cgi?id=8607 > I also have seen somewhere that it was reported to be fixed for Tomcat4. Not fixed, it was never an issue. See above. > > Did the old problem penetrate to Tomcat 5.5.17 or > did I forget to configure something? No, there isn't am issue. Mark --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
