Uploaded image for project: 'Jetspeed 2 (Retired)'
  1. Jetspeed 2 (Retired)
  2. JS2-526

JBoss web.xml entry for security-constraint login/redirector wont work under Tomcat

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.1-dev
    • 2.1-dev, 2.1
    • Security
    • None
    • Windows XP SP2, Tomcat 5.5.16, JBoss 4.0.4-CR2, Jetspeed-2.1-dev (sources)

    Description

      I've built my own portal from the 2.1-dev sources.
      The installed portal works on Tomcat 5.5.16, but not on JBoss 4.0.4.
      Under JBoss I am receiving a HTTP-error 403 after the log-in submit.
      (seems like the same problem in Issue JS2-496: http://issues.apache.org/jira/browse/JS2-496)

      If I'm manually adding the following role-name in portal's web.xml, it works fine, on both tomcat and jboss servers:
      <role-name>*</role-name>

      here the new full constraint entry:
      ...
      <!-- Protect LogInRedirectory.jsp. This will require a login when called -->
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Login</web-resource-name>
      <url-pattern>/login/redirector</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <!-- the required portal user role name defined in: -->
      <!-- /WEB-INF/assembly/security-atn.xml -->

      <role-name>portal-user</role-name>
      <role-name>*</role-name>

      </auth-constraint>
      </security-constraint>
      ...

      Is this quite correct or do I have a security problem now?
      Or is there a bug in JBoss?

      Attachments

        1. security.patch.txt
          2 kB
          Sylvain RIBEYRON

        Activity

          People

            taylor David Sean Taylor
            martib Bruno Marti
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: