Bug 15570

Summary: incorrect role-name mapping for "*" with respect to spec
Product: Tomcat 4 Reporter: Thomas Paradies <paradies>
Component: UnknownAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P3    
Version: 4.1.16   
Target Milestone: ---   
Hardware: PC   
OS: All   
URL: http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg78364.html

Description Thomas Paradies 2002-12-20 15:07:08 UTC 
According to the servlet spec 2.3 the specially reserved role-name "*" is a 
compact syntax for indicating all roles in the web application. Tomcat 
interprets "*" as meaning "any authenticated user", which is not quite the same 
thing as the spec language either.

For further reading have a look at Graig's reply to my post in tomcat user 
mailing list:
http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg78364.html
Comment 1 Mark Thomas 2006-01-02 16:50:12 UTC 
Thsi has been fixed in SVN for tc4.1.x and tc5.5.x