tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jonathan Eric Miller" <jemil...@uchicago.edu>
Subject Re: Bug in basic HTTP authentication/resource protection in Tomcat 3.1?
Date Thu, 20 Jul 2000 18:55:42 GMT
Yeah, but it's running the same servlet. I didn't even know that
SnoopServlet/ was a valid URL. IMHO, this should be changed. If it isn't I
doubt that I will be the only one that makes this mistake.

If it weren't for the fact that I accidentally typed the extra /, I would
have a gaping whole in my application that I didn't even know about.

It isn't really a problem with the resource protection, it's that
SnoopServlet shouldn't get run if there is a trailing /.

Jon

----- Original Message -----
From: "Costin Manolache" <Costin.Manolache@eng.sun.com>
To: <tomcat-dev@jakarta.apache.org>; <jemiller@uchicago.edu>
Sent: Thursday, July 20, 2000 1:18 PM
Subject: Re: Bug in basic HTTP authentication/resource protection in Tomcat
3.1?


> > Jon
> >
> > P.S. I'm not actually subscribed to this list, so, please CC
> > jemiller@uchicago.edu with any responses. Thanks.
> >
> >       <web-resource-collection>
> >          <web-resource-name>Protected Area</web-resource-name>
> >   <!-- Define the context-relative URL(s) to be protected -->
> >          <url-pattern>/servlet/SnoopServlet</url-pattern>
>
> That's exact map - it protects snoopServlet but doesn't protect
> SnoopServlet/
>
> Costin
>


Mime
View raw message