This post originated from an RSS feed registered with Java Buzz
by Simon Brown.
Original Post: Deploying Pebble to JBoss 3.2.1/Tomcat 4.1.24
Feed Title: Simon Brown's weblog
Feed URL: http://www.simongbrown.com/blog/feed.xml?flavor=rss20&category=java
Feed Description: My thoughts on Java, software development and technology.
Weiqi runs Pebble on the JBoss 3/Tomcat 4 distribution and aside from some problems with the Servlet security mechanism it seems to be working well. Here's a summary of the steps required to get it working, based on a default installation and assuming that you are deploying the web application to /pebble.
Copy the expanded WAR file to the $JBOSS_HOME/server/default/deploy directory.
Edit the $JBOSS_HOME/server/default/conf/login-config.xml file to specify which login-module to use by adding the following section.
All that these additional steps do is specify which authentication mechanism you want to use and, as expected, navigating to a protected page results in an authentication request.
The problem that Weiqi is having is related to the Servlet security mechanism. Basically, Pebble uses some custom tags to decide whether a particular portion of the page (e.g. admin links) should be displayed or not, and underneath the covers they simply perform a request.isUserInRole(...) check. The weird thing is that this works on those pages that fall under the protection of a security constraint, but the same code always returns false when used on an unprotected page. I've done some googling for this and all I can find are references to similar questions. My thoughts are that this a bug but I will do some more digging around.