tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 26421] New: - can not config different security-constraint for differenct folders under same webapp
Date Sun, 25 Jan 2004 19:37:25 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26421>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26421

can not config different security-constraint  for differenct folders under same webapp

           Summary: can not config different security-constraint  for
                    differenct folders under same webapp
           Product: Tomcat 5
           Version: 5.0.16
          Platform: PC
        OS/Version: Windows NT/2K
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: sliu@plmatrix.com


in same webapp's web.xml, I want to all .jsp is protected,
however, I also need to unprotected the "themes" folder. my folder structure is:
WEB_APP/index.jsp
WEB_APP/contact.jsp
WEB_APP/themes
WEB_APP/themes/logon_pic.gif
WEB_APP/login/login.jsp
WEB_APP/login/login_error.jsp

in web.xml, I have:
  <security-constraint>
    <web-resource-collection>
		<web-resource-name>public themes</web-resource-name>
		<description>Themes without security</description>
		<url-pattern>/themes/*</url-pattern>
		<http-method>GET</http-method>
		<http-method>HEAD</http-method>
    </web-resource-collection>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Entire Application</web-resource-name>
	  <description>Entire application</description>
	  <url-pattern>/</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login/login.jsp</form-login-page>
      <form-error-page>/login/login_error.jsp</form-error-page>
    </form-login-config>
  </login-config>


In login.jsp, I use an image from "themes" folder, the result I got is:
"index.jsp" is protected just as I expected and "/login/login.jsp" is shown,
however, the image in "login.jsp" is also protected and can not be shown.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message