Jetspeed 2
  1. Jetspeed 2
  2. JS2-526

JBoss web.xml entry for security-constraint login/redirector wont work under Tomcat

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 2.1-dev
    • Fix Version/s: 2.1-dev, 2.1
    • Component/s: Security
    • Labels:
      None
    • Environment:
      Windows XP SP2, Tomcat 5.5.16, JBoss 4.0.4-CR2, Jetspeed-2.1-dev (sources)

      Description

      I've built my own portal from the 2.1-dev sources.
      The installed portal works on Tomcat 5.5.16, but not on JBoss 4.0.4.
      Under JBoss I am receiving a HTTP-error 403 after the log-in submit.
      (seems like the same problem in Issue JS2-496: http://issues.apache.org/jira/browse/JS2-496)

      If I'm manually adding the following role-name in portal's web.xml, it works fine, on both tomcat and jboss servers:
      <role-name>*</role-name>

      here the new full constraint entry:
      ...
      <!-- Protect LogInRedirectory.jsp. This will require a login when called -->
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Login</web-resource-name>
      <url-pattern>/login/redirector</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <!-- the required portal user role name defined in: -->
      <!-- /WEB-INF/assembly/security-atn.xml -->

      <role-name>portal-user</role-name>
      <role-name>*</role-name>

      </auth-constraint>
      </security-constraint>
      ...

      Is this quite correct or do I have a security problem now?
      Or is there a bug in JBoss?

      1. security.patch.txt
        2 kB
        Sylvain RIBEYRON

        Activity

        Bruno Marti created issue -
        Sylvain RIBEYRON made changes -
        Field Original Value New Value
        Attachment security.patch.txt [ 12342669 ]
        David Sean Taylor made changes -
        Assignee David Sean Taylor [ taylor ]
        David Sean Taylor made changes -
        Resolution Fixed [ 1 ]
        Status Open [ 1 ] Resolved [ 5 ]
        Fix Version/s 2.1-dev [ 12310686 ]
        Ate Douma made changes -
        Fix Version/s 2.1 [ 12310617 ]
        Ate Douma made changes -
        Status Resolved [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            David Sean Taylor
            Reporter:
            Bruno Marti
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development