1 Reply Latest reply on Jun 30, 2004 11:50 AM by darranl

    web.xml Parsing Problem

    tfreeburg

      I have a web application that gives the following error when I deploy it to JBOSS versions 3.2.4, 3.2.5, and 4.0.

      09:15:23,613 ERROR [ContextConfig] Parse error in application web.xml
      java.lang.IllegalArgumentException: Invalid <url-pattern> /pages/*.jsp in security constraint
      at org.apache.commons.digester.Digester.createSAXException(Digester.java:2540)
      at org.apache.commons.digester.Digester.createSAXException(Digester.java:2566)
      at org.apache.commons.digester.Digester.endElement(Digester.java:1061)
      at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
      at org.apache.xerces.impl.dtd.XMLDTDValidator.endNamespaceScope(Unknown Source)
      at org.apache.xerces.impl.dtd.XMLDTDValidator.handleEndElement(Unknown Source)
      at org.apache.xerces.impl.dtd.XMLDTDValidator.endElement(Unknown Source)
      at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEndElement(Unknown Source)
      at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
      at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
      at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
      at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
      at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
      at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
      at org.apache.commons.digester.Digester.parse(Digester.java:1548)
      at org.apache.catalina.startup.ContextConfig.applicationConfig(ContextConfig.java:263)




      Here is the <security-constraint> section of the web.xml:

      <security-constraint>
      <display-name>
      Restrict access to JSP pages</display-name>
      <web-resource-collection>
      <web-resource-name>
      Restrict access to JSP pages
      </web-resource-name>
      This security constraint illustrates how JSP
      pages with JavaServer Faces components can be protected from being accessed without going through the Faces Servlet. The security constraint ensures that the Faces Servlet will be used or the pages will not be processed.
      <url-pattern>/pages/*.jsp</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      With no roles defined, no access granted
      </auth-constraint>
      </security-constraint>


      I have deployed the same web application in a a fresh installation of TomCat 4.1.30 and I do not get the error. The JBOSS environments that I have deployed it in are unmodified as well.

      If I change the url-pattern to '/pages/*' I do not get the parsing problem, but I only want to restrict jsp access.

      Any clues?

      Thanks.