tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Layman <randy.lay...@aswethink.com>
Subject RE: Doesn't Tomcat support wildcards like *.jsp or *.html at <web -res ource-collection>??
Date Wed, 12 Sep 2001 18:23:13 GMT


> -----Original Message-----
> From: Meinolf.Schulte-Doeinghaus@Bertelsmann.de
> [mailto:Meinolf.Schulte-Doeinghaus@Bertelsmann.de]
> Sent: Wednesday, September 12, 2001 2:56 PM
> To: tomcat-user@jakarta.apache.org
> Subject: Doesn't Tomcat support wildcards like *.jsp or *.html at
> <web-res ource-collection>??
> 
> 
> Hi, 
> I've tried to use wildcards for a webresource collection like *.jsp
> to denie "guests" to access these pages but it doesn't work 
> with tomcat
> 3.2.3 
> Isn't that defined within the servlet specification?
> 
> Sample:
> <security-constraint>
> 	<web-resource-collection>
> 		<web-resource-name>/jsp/*.jsp</web-resource-name>
> 		<url-pattern>/jsp/*.jsp</url-pattern>
> 	</web-resource-collection> 
> 	<auth-constraint>
> 		<role-name>admin</role-name>
> 	</auth-constraint>
> </security-constraint>
> 

The spec does not allow * to be in the middle of a string - it must be at
one end or the other.

> Can I add a further web-resource-collection in a subdirectory 
> of /jsp and 
> give access to everyone? Like   /jsp/images/*  --> role-name 
> = everyone
> What is the "everyone" role that requires no password with 
> tomcat 3.2.3?

On this I don't know.
> 

Mime
View raw message