2 Replies Latest reply on Mar 12, 2004 5:37 AM by cane74

    problem with web.xml and accessing secure pages

    cane74 Newbie

      Hi!

      Why JBoss produces an error while processing my web.xml? All seems to be OK while

      <security-role> ... </security-role>
      is commented out. Otherwise XML parser says:

      11:03:20,734 ERROR [Digester] Parse Error at line 83 column 11: The content of element type "web-app" must match "(icon?,display-name?,description?,distributable?,
      context-param*,filter*,filter-mapping*,listener*,
      servlet*,servlet-mapping*,session-config?,
      mime-mapping*,welcome-file-list?,error-page*,
      taglib*,resource-env-ref*,resource-ref*,
      security-constraint*,login-config?,security-role*,
      env-entry*,ejb-ref*,ejb-local-ref*)".


      Another question is why after quthorization user can't see information from secure location (/admin/*)? Is it possible that if I didn't specify the <security-role> properly ('cause I can't :D) user will be always redirected to /error/403.jsp?

      What is wrong?...

      Best regards,
      Bart

      web.xml

      <?xml version="1.0" ?>
      <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
      
      <web-app>
       <!-- ROLES -->
       <security-role>
       <description>Authenticated user</description>
       <role-name>Authenticated_users</role-name>
       </security-role>
      
      
       <welcome-file-list>
       <welcome-file>index.jsp</welcome-file>
       </welcome-file-list>
      
       <error-page>
       <error-code>403</error-code>
       <location>/error/403.jsp</location>
       </error-page>
      
       <error-page>
       <error-code>404</error-code>
       <location>/error/404.jsp</location>
       </error-page>
      
       <!-- SECURITY -->
       <security-constraint>
       <web-resource-collection>
       <web-resource-name>iqweb-admin</web-resource-name>
       <description>Administracja systemem</description>
       <url-pattern>/admin/*</url-pattern>
       <http-method>POST</http-method>
       <http-method>GET</http-method>
       </web-resource-collection>
       <auth-constraint>
       <description>Only allow Authenticated_users role</description>
       <role-name>Authenticated_users</role-name>
       </auth-constraint>
       <user-data-constraint>
       <description>Encryption is not required for the application in general.</description>
       <transport-guarantee>NONE</transport-guarantee>
       </user-data-constraint>
       </security-constraint>
      
       <login-config>
       <auth-method>BASIC</auth-method>
       <realm-name>iqweb</realm-name>
       </login-config>
      
      </web-app>
      



        • 1. Re: problem with web.xml and accessing secure pages
          Juha Lindfors Master

           


          Otherwise XML parser says:

          11:03:20,734 ERROR [Digester] Parse Error at line 83 column 11: The content of element type "web-app" must match "(icon?,display-name?,description?,distributable?,
          context-param*,filter*,filter-mapping*,listener*,
          servlet*,servlet-mapping*,session-config?,
          mime-mapping*,welcome-file-list?,error-page*,
          taglib*,resource-env-ref*,resource-ref*,
          security-constraint*,login-config?,security-role*,
          env-entry*,ejb-ref*,ejb-local-ref*)".


          Your document instance does not match the DTD. Fix your XML file and the error will disappear (the order of elements is significant).


          • 2. Re: problem with web.xml and accessing secure pages
            cane74 Newbie

            Thank you - it was the matter of elements order... Hmm, isn't it strange that first role is used and then defined? :)

            Bart