geronimo-dev mailing list archives

From "Han Hong Fang (JIRA)" <j...@apache.org>
Subject [jira] Created: (GERONIMO-5578) incorrect behaviour of security-constraint configuration in web.xml
Date Tue, 07 Sep 2010 17:11:34 GMT
incorrect behaviour of security-constraint configuration in web.xml 
--------------------------------------------------------------------

                 Key: GERONIMO-5578
                 URL: https://issues.apache.org/jira/browse/GERONIMO-5578
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: Tomcat
    Affects Versions: 3.0
            Reporter: Han Hong Fang
            Assignee: Han Hong Fang


With the following configuration in web.xml, GET and POST can be accessed by both "RoleA"
and "RoleB".

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>resource2</web-resource-name>
            <url-pattern>/SampleServlet2</url-pattern>
            <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>RoleA</role-name>
        </auth-constraint>
    </security-constraint>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>resource3</web-resource-name>
            <url-pattern>/SampleServlet2</url-pattern>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>RoleB</role-name>
        </auth-constraint>
    </security-constraint>



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
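
What the configuration in the report should yield under the Servlet specification's rules for combining constraints, as an added example that is not part of the original message or of Geronimo's code: roles are unioned only across constraints that match both the URL pattern and the HTTP method. The function name `expected_roles` and the `<web-app>` wrapper element are assumptions, and only exact-match URL patterns are handled.

```python
import xml.etree.ElementTree as ET

# The two constraints from the report; the <web-app> root is added so they parse.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>resource2</web-resource-name>
      <url-pattern>/SampleServlet2</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>RoleA</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>resource3</web-resource-name>
      <url-pattern>/SampleServlet2</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>RoleB</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def expected_roles(xml_text, url, method):
    """Return a set of role names, "DENY" (an auth-constraint naming no roles),
    or "ANY" (no auth-constraint restricts this URL and method)."""
    # Assumes exact-match url-patterns and no XML namespace, as in the report.
    roles, deny, open_access = set(), False, False
    for sc in ET.fromstring(xml_text).iter("security-constraint"):
        hit = False
        for wrc in sc.iter("web-resource-collection"):
            patterns = [p.text.strip() for p in wrc.iter("url-pattern")]
            methods = [m.text.strip() for m in wrc.iter("http-method")]
            # A collection without http-method elements covers every method.
            if url in patterns and (not methods or method in methods):
                hit = True
        if not hit:
            continue
        auth = sc.find("auth-constraint")
        if auth is None:
            open_access = True   # constraint without an auth-constraint
            continue
        names = {r.text.strip() for r in auth.iter("role-name")}
        if not names:
            deny = True          # empty auth-constraint excludes everyone
        roles |= names           # matching constraints union their roles
    if deny:
        return "DENY"
    return "ANY" if open_access or not roles else roles
```

For this configuration PUT, DELETE and every other unlisted method come back as "ANY", because neither constraint covers them.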

