portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jian Liao (JIRA)" <jetspeed-...@portals.apache.org>
Subject [jira] Commented: (JS2-496) J2 on tomcat 5.5.15: 403 returned to client browser when any user that doesn't have admin role attempts to log in
Date Fri, 17 Feb 2006 05:25:51 GMT
    [ http://issues.apache.org/jira/browse/JS2-496?page=comments#action_12366750 ] 

Jian Liao commented on JS2-496:
-------------------------------

There is a bug fix in Tomcat 5.5.15(http://issues.apache.org/bugzilla/show_bug.cgi?id=37852)
which cause this problem. 
I encounter this issue when I'm working on integration J2 with geronimo, too(http://comments.gmane.org/gmane.comp.java.geronimo.devel/22704).
Geronimo has the same behavior as Tomcat 5.5.15. IMHO, it is time for J2 to fix this bug in
web.xml by declaring all the security roles in web.xml.

If you're interesting in JS2-444, download the latest package(geronimo-jetspeed12.zip), you
should find that we declare all the security roles in web.xml(app-servers/geronimo/jetspeed-war/src/webapp/WEB-INF).

HTH,

- Jian Liao

> J2 on tomcat 5.5.15: 403 returned to client browser when any user that doesn't have admin
role attempts to log in
> -----------------------------------------------------------------------------------------------------------------
>
>          Key: JS2-496
>          URL: http://issues.apache.org/jira/browse/JS2-496
>      Project: Jetspeed 2
>         Type: Bug
>   Components: Security
>     Versions: 2.0-FINAL
>  Environment: Tomcat 5.5.15 (JDK 1.5, Apache 2, Fedora Core 3)
>     Reporter: Aaron Evans

>
> When J2 is deployed on tomcat 5.5.15, whenever any user that does not have the admin
role logs in, a 403 is returned for the URI /login/redirector.
> This does not occur on earlier releases of tomcat (5.5.9 for example).
> The user is in fact authenticated, for if you delete the /login/redirector from the URL
in the browser and refresh, then the main page of the portal is shown and the user is authenticated.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message