tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <craig...@apache.org>
Subject Re: <web-resource-collection> in web.xml
Date Tue, 16 Apr 2002 23:03:20 GMT


On Tue, 16 Apr 2002, Dan K. wrote:

> Date: Tue, 16 Apr 2002 17:11:04 -0400 (EDT)
> From: Dan K. <dantest@YorkU.CA>
> Reply-To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> To: tomcat-user@jakarta.apache.org
> Subject: <web-resource-collection> in web.xml
>
>
> Hi,
>
> Does anyone on the list know where the <url-pattern> element is verified
> in the tomcat 4.0.x source?  For example I have the following web.xml
> snippet:
>
>     <security-constraint>
>         <web-resource-collection>
>             <web-resource-name>Protected Web Application</web-resource-name>
>             <url-pattern>/servlet/*</url-pattern>
>         </web-resource-collection>
>
>         <auth-constraint>
>             <role-name>user_role</role-name>
>         </auth-constraint>
>     </security-constraint>
>
> The above protects the url <app_context>/servlet/* works but but I would
> like to change it so that it will also work for
> <app_context>/servlet/protected* which doesn't seem to work.  Anyone got
> ideas?  Is there anything security problem in allowing this?
>

The valid URL patterns for security constraints are the same as those for
servlet mappings, and are defined in the Servlet Specification
<http://java.sun.com/products/servlet/download.html>.  You could certainly
change this in your own copy of Tomcat, but your applications would not be
portable to any other container (and possibly not even to a future
version of Tomcat if the mechanism happened to change).  You'd be far
better off architecting the URLs of your application so that they fit the
standards.

> Thanks in advance.
>
> Regards,
> Dan
>

Craig


--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message