tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Meinolf.Schulte-Doeingh...@Bertelsmann.de
Subject Doesn't Tomcat support wildcards like *.jsp or *.html at <web-res ource-collection>??
Date Wed, 12 Sep 2001 18:55:37 GMT
Hi, 
I've tried to use wildcards for a webresource collection like *.jsp
to denie "guests" to access these pages but it doesn't work with tomcat
3.2.3 
Isn't that defined within the servlet specification?

Sample:
<security-constraint>
	<web-resource-collection>
		<web-resource-name>/jsp/*.jsp</web-resource-name>
		<url-pattern>/jsp/*.jsp</url-pattern>
	</web-resource-collection> 
	<auth-constraint>
		<role-name>admin</role-name>
	</auth-constraint>
</security-constraint>

Can I add a further web-resource-collection in a subdirectory of /jsp and 
give access to everyone? Like   /jsp/images/*  --> role-name = everyone
What is the "everyone" role that requires no password with tomcat 3.2.3?


Mime
View raw message