tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Martin Kupisch" <lam...@gmx.de>
Subject Declarative Security - Forbid access to all resources except one
Date Tue, 25 Nov 2003 07:21:12 GMT
Hi,

I'm looking for a way to declare security on my webapp. The webapp is very
small. It consists of a few JSPs and a servlet controller. I tried to forbid
access to every resource in the app with a <security-constraint> element via
<url-pattern>/*</url-pattern> and no <auth-constraint>. I granted access
to a
start JSP via a <security-constraint> with <auth-constraint>. Unfortanetely
this doesn't work.

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>start</web-resource-name>
      <url-pattern>/jsp/index.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
    </auth-constraint>
  </security-constraint>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Everything else</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
  </security-constraint>

Is something wrong here or am I misunderstanding something completely?

- Martin.

-- 
NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien...
Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService

Jetzt kostenlos anmelden unter http://www.gmx.net

+++ GMX - die erste Adresse für Mail, Message, More! +++


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message