tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dan K." <dant...@YorkU.CA>
Subject <web-resource-collection> in web.xml
Date Tue, 16 Apr 2002 21:11:04 GMT

Hi,

Does anyone on the list know where the <url-pattern> element is verified
in the tomcat 4.0.x source?  For example I have the following web.xml
snippet:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Protected Web Application</web-resource-name>
            <url-pattern>/servlet/*</url-pattern>
        </web-resource-collection>

        <auth-constraint>
            <role-name>user_role</role-name>
        </auth-constraint>
    </security-constraint>

The above protects the url <app_context>/servlet/* works but but I would
like to change it so that it will also work for
<app_context>/servlet/protected* which doesn't seem to work.  Anyone got
ideas?  Is there anything security problem in allowing this?

Thanks in advance.

Regards,
Dan


--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message