geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jian Liao <>
Subject JACC permission check issue
Date Tue, 06 Dec 2005 11:10:50 GMT
Hi all,

I defined two security constraints in web.xml as following:

  <!-- Protect LogInRedirectory.jsp.  This will require a login when called

  <!--  securing the ManagerServlet -->

It will create a WebResourcePermission instance with
"/:/login/redirector:/manager/*" as its name and its URLPatternSpec
instance's pattern, this WebResourcePermission  instance will be contained
by PolicyConfigurationGeneric.unchecked .

After the successfully login, a sendRedirect("/login/redirector") occured.
A WebResourcePermission instance will be created like this: "new
WebResourcePermission(request)" in class: TomcatGeronimoRealm line 200. So
WebResourcePermission instance will use "/login/redirector" to construct its
URLPatternSpec, then URLPatternSpec constructor will initialize its "first"
member variable with "/login/redirector", is that what it expect? (See line:
45 - 46 in

Finally, I will fail on line: 128, Becuase the
URLPattern instance in qualifiers will match the "URLPatternSpec.first"
which construct above.

Could someone tell how should I config my security-constraint or is that a

- Jian Liao

View raw message