Uploaded image for project: 'Jetspeed 2'
  1. Jetspeed 2
  2. JS2-526

JBoss web.xml entry for security-constraint login/redirector wont work under Tomcat

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.1-dev
    • Fix Version/s: 2.1-dev, 2.1
    • Component/s: Security
    • Labels:
      None
    • Environment:
      Windows XP SP2, Tomcat 5.5.16, JBoss 4.0.4-CR2, Jetspeed-2.1-dev (sources)

      Description

      I've built my own portal from the 2.1-dev sources.
      The installed portal works on Tomcat 5.5.16, but not on JBoss 4.0.4.
      Under JBoss I am receiving a HTTP-error 403 after the log-in submit.
      (seems like the same problem in Issue JS2-496: http://issues.apache.org/jira/browse/JS2-496)

      If I'm manually adding the following role-name in portal's web.xml, it works fine, on both tomcat and jboss servers:
      <role-name>*</role-name>

      here the new full constraint entry:
      ...
      <!-- Protect LogInRedirectory.jsp. This will require a login when called -->
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Login</web-resource-name>
      <url-pattern>/login/redirector</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <!-- the required portal user role name defined in: -->
      <!-- /WEB-INF/assembly/security-atn.xml -->

      <role-name>portal-user</role-name>
      <role-name>*</role-name>

      </auth-constraint>
      </security-constraint>
      ...

      Is this quite correct or do I have a security problem now?
      Or is there a bug in JBoss?

        Attachments

        1. security.patch.txt
          2 kB
          Sylvain RIBEYRON

          Activity

            People

            • Assignee:
              taylor David Sean Taylor
              Reporter:
              martib Bruno Marti
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: