geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: Extension pattern, i.e. *.do in security constraints
Date Sat, 20 Jan 2007 08:18:57 GMT
It looks to me as if it should be allowed.  What is the error?

thanks
david jencks

On Jan 19, 2007, at 7:41 PM, anita kulshreshtha wrote:

>    We do not allow this combintaion of URL patterns in
> web-resource-collection. This is in line with JACC
> http://java.sun.com/j2ee/1.4/docs/api/javax/security/jacc/ 
> WebResourcePermission.html
>
>    <security-constraint>
>         <web-resource-collection>
>             <web-resource-name>Admin Role</web-resource-name>
>             <url-pattern>*.do</url-pattern>
>         </web-resource-collection>
>         <auth-constraint>
>             <role-name>content-administrator</role-name>
>         </auth-constraint>
>     </security-constraint>
>
>     <security-constraint>
>         <web-resource-collection>
>             <web-resource-name>Unrestricted ACCESS</web-resource-name>
>             <url-pattern>/login.do</url-pattern>
>         </web-resource-collection>
>     </security-constraint>
>
>     The following url-patterns are allowed with *.do -
>      -  /login/*, /login.do/* , i.e. path prefix patterns
>      -  login.do, i.e. Exact patterns matching *.do
>      - login.do/, login.do/*
>     Does anyone know why the above web.xml fragment should or should
> not be allowed?
>
> Thanks
> Anita
>
>
>
> ______________________________________________________________________ 
> ______________
> Get your own web address.
> Have a HUGE year through Yahoo! Small Business.
> http://smallbusiness.yahoo.com/domains/?p=BESTDEAL


Mime
View raw message