SAF security with role * does not work

Issues and Questions related to running Apache Tomcat on z/OS
Post Reply
lcurrens
Posts: 1
Joined: Wed Feb 19, 2020 10:20 am

SAF security with role * does not work

Post by lcurrens » Wed Feb 19, 2020 5:57 pm

I should be able to use role-name * to indicate no SAF permission required. This would only enforce if the userid/password are valid.
However, this does not seem to work:

<security-role>
<role-name>*</role-name>
</security-role>

<!-- CheckLogin request must be basic authorized -->
<security-constraint>
<web-resource-collection>
<web-resource-name>CheckLogin</web-resource-name>
<url-pattern>/checkLogin</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>

Post Reply