tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dan K." <dant...@YorkU.CA>
Subject Re: <web-resource-collection> in web.xml
Date Wed, 17 Apr 2002 15:25:21 GMT

Oh I see.  Thanks Craig.

Regards,
Dan

On Tue, 16 Apr 2002, Craig R. McClanahan wrote:

>
>
> On Tue, 16 Apr 2002, Dan K. wrote:
>
> > Date: Tue, 16 Apr 2002 17:11:04 -0400 (EDT)
> > From: Dan K. <dantest@YorkU.CA>
> > Reply-To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> > To: tomcat-user@jakarta.apache.org
> > Subject: <web-resource-collection> in web.xml
> >
> >
> > Hi,
> >
> > Does anyone on the list know where the <url-pattern> element is verified
> > in the tomcat 4.0.x source?  For example I have the following web.xml
> > snippet:
> >
> >     <security-constraint>
> >         <web-resource-collection>
> >             <web-resource-name>Protected Web Application</web-resource-name>
> >             <url-pattern>/servlet/*</url-pattern>
> >         </web-resource-collection>
> >
> >         <auth-constraint>
> >             <role-name>user_role</role-name>
> >         </auth-constraint>
> >     </security-constraint>
> >
> > The above protects the url <app_context>/servlet/* works but but I would
> > like to change it so that it will also work for
> > <app_context>/servlet/protected* which doesn't seem to work.  Anyone got
> > ideas?  Is there anything security problem in allowing this?
> >
>
> The valid URL patterns for security constraints are the same as those for
> servlet mappings, and are defined in the Servlet Specification
> <http://java.sun.com/products/servlet/download.html>.  You could certainly
> change this in your own copy of Tomcat, but your applications would not be
> portable to any other container (and possibly not even to a future
> version of Tomcat if the mechanism happened to change).  You'd be far
> better off architecting the URLs of your application so that they fit the
> standards.
>
> > Thanks in advance.
> >
> > Regards,
> > Dan
> >
>
> Craig
>
>
> --
> To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
> Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
>


--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message