On 27.02.2009, at 17:38, Christopher Schultz wrote:

Chuck,

On 2/26/2009 5:39 PM, Caldarale, Charles R wrote:
From: Mark Thomas [mailto:ma...@apache.org]
Subject: Re: Request not forwarded to login page with security-constraint after session time-out

The spec is clearer than that. The "*" role == all roles defined in
web.xml.

Yes, but what it's not clear about is what happens when there are
*no* roles defined in web.xml, which is the situation the OP has.

It's worse than that: he has no roles table defined, so he gets
SQLExceptions during authorization.


[OT]
Yes, indeed.
I had expected that Tomcat would handle this more gracefully. I find it odd that JDBCRealm does try to run a query against the role table without checking first if one has even been defined. This is particularly annoying because the <Realm> tag in context.xml cannot be validated against a DTD or schema -> from a configuration point of view I'm not required to define it.

Regards,
Marcel

--
Marcel Stör, http://www.frightanic.com
Blog: http://frightanic.wordpress.com
Couchsurfing: http://www.couchsurfing.com/people/marcelstoer
Skype: marcelstoer
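
A configuration check for the two conditions discussed in this thread, added here as an example (it is not from the thread or from Tomcat): it flags a JDBCRealm without `userRoleTable`/`roleNameCol` and a `*` auth-constraint with no `<security-role>` declared. The sample files, the driver and connection values, and the helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample files (not from the thread): a JDBCRealm with no role table
# configured, and a web.xml using role-name "*" with no <security-role> declared.
CONTEXT_XML = """<Context>
  <Realm className="org.apache.catalina.realm.JDBCRealm"
         driverName="org.example.Driver"
         connectionURL="jdbc:example://localhost/authdb"
         userTable="users" userNameCol="user_name" userCredCol="user_pass"/>
</Context>"""

WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>app</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    """Drop the XML namespace so any web.xml schema version matches."""
    return tag.rsplit("}", 1)[-1]

def role_names(parent):
    """Text of the <role-name> children of an element."""
    return {(c.text or "").strip() for c in parent if local(c.tag) == "role-name"}

def lint(context_xml, web_xml):
    """Hypothetical helper: return findings for the two conditions in the thread."""
    findings = []
    for el in ET.fromstring(context_xml).iter("Realm"):
        if el.get("className", "").endswith(".JDBCRealm"):
            missing = [a for a in ("userRoleTable", "roleNameCol") if not el.get(a)]
            if missing:
                findings.append("JDBCRealm missing " + ", ".join(missing))
    declared, wildcard = set(), False
    for el in ET.fromstring(web_xml).iter():
        if local(el.tag) == "security-role":
            declared |= role_names(el) - {""}
        elif local(el.tag) == "auth-constraint":
            wildcard = wildcard or "*" in role_names(el)
    if wildcard and not declared:
        findings.append('auth-constraint "*" but no security-role declared')
    return findings

if __name__ == "__main__":
    print("\n".join(lint(CONTEXT_XML, WEB_XML)))
```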

