2 Replies Latest reply on Mar 12, 2004 5:37 AM by cane74

    problem with web.xml and accessing secure pages

    cane74
    cane74 Mar 11, 2004 4:38 AM

      Hi!

      Why JBoss produces an error while processing my web.xml? All seems to be OK while

      <security-role> ... </security-role>
      is commented out. Otherwise XML parser says:

      11:03:20,734 ERROR [Digester] Parse Error at line 83 column 11: The content of element type "web-app" must match "(icon?,display-name?,description?,distributable?,
      context-param*,filter*,filter-mapping*,listener*,
      servlet*,servlet-mapping*,session-config?,
      mime-mapping*,welcome-file-list?,error-page*,
      taglib*,resource-env-ref*,resource-ref*,
      security-constraint*,login-config?,security-role*,
      env-entry*,ejb-ref*,ejb-local-ref*)".

      Another question is why after quthorization user can't see information from secure location (/admin/*)? Is it possible that if I didn't specify the <security-role> properly ('cause I can't :D) user will be always redirected to /error/403.jsp?

      What is wrong?...

      Best regards,
      Bart

      web.xml 

      <?xml version="1.0" ?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>
 <!-- ROLES -->
 <security-role>
 <description>Authenticated user</description>
 <role-name>Authenticated_users</role-name>
 </security-role>


 <welcome-file-list>
 <welcome-file>index.jsp</welcome-file>
 </welcome-file-list>

 <error-page>
 <error-code>403</error-code>
 <location>/error/403.jsp</location>
 </error-page>

 <error-page>
 <error-code>404</error-code>
 <location>/error/404.jsp</location>
 </error-page>

 <!-- SECURITY -->
 <security-constraint>
 <web-resource-collection>
 <web-resource-name>iqweb-admin</web-resource-name>
 <description>Administracja systemem</description>
 <url-pattern>/admin/*</url-pattern>
 <http-method>POST</http-method>
 <http-method>GET</http-method>
 </web-resource-collection>
 <auth-constraint>
 <description>Only allow Authenticated_users role</description>
 <role-name>Authenticated_users</role-name>
 </auth-constraint>
 <user-data-constraint>
 <description>Encryption is not required for the application in general.</description>
 <transport-guarantee>NONE</transport-guarantee>
 </user-data-constraint>
 </security-constraint>

 <login-config>
 <auth-method>BASIC</auth-method>
 <realm-name>iqweb</realm-name>
 </login-config>

</web-app>



      • 2797 Views
      • Tags:
        • 1. Re: problem with web.xml and accessing secure pages
          juha Mar 12, 2004 3:49 AM (in response to cane74)

           


          Otherwise XML parser says:

          11:03:20,734 ERROR [Digester] Parse Error at line 83 column 11: The content of element type "web-app" must match "(icon?,display-name?,description?,distributable?,
          context-param*,filter*,filter-mapping*,listener*,
          servlet*,servlet-mapping*,session-config?,
          mime-mapping*,welcome-file-list?,error-page*,
          taglib*,resource-env-ref*,resource-ref*,
          security-constraint*,login-config?,security-role*,
          env-entry*,ejb-ref*,ejb-local-ref*)".


          Your document instance does not match the DTD. Fix your XML file and the error will disappear (the order of elements is significant).


            • Actions
          • 2. Re: problem with web.xml and accessing secure pages
            cane74
            cane74 Mar 12, 2004 5:37 AM (in response to cane74)

            Thank you - it was the matter of elements order... Hmm, isn't it strange that first role is used and then defined? :)

            Bart

              • Actions