tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ruth, Brice" <br...@fiskars.com>
Subject Re: web.xml security configuration.
Date Tue, 07 Sep 2004 14:50:52 GMT
David.Pawson@rnib.org.uk wrote:

>In my applications web.xml I have 
>
><security-constraint>
>    <web-resource-collection>
>      <web-resource-name>Read-WriteArea</web-resource-name>
>      <description> accessible by  users of all roles</description>
>      <url-pattern>/*</url-pattern><!-- was /* -->
>      <http-method>GET</http-method>
>      <http-method>POST</http-method>
>      <http-method>PUT</http-method>
>      <http-method>DELETE</http-method>
>    </web-resource-collection>
>
>    <auth-constraint>
>      <description>These roles are allowed access</description>
>      <role-name>read</role-name>
>      <role-name>rwrite</role-name>
>      <role-name>admin</role-name>
>    </auth-constraint>
>  </security-constraint>
>
>
>If the url-pattern is /* I get my jdbc based form showing,
>and password authentication using mySQL.
>
>If I change it to /repository/index.jsp, i.e. the actual
>file used, I don't get any authentication.
>
>Any advice on what form this element should take please?
>
>TIA, DaveP
>
>  
>
Dave,

The security constraint is based on the actual URL requested, not the
resource that is being accessed. So, if you're accessing:
http://my.host.com/ - and its actually loading
http://my.host.com/repository/index.jsp, then your security-constraint
won't be triggered if you don't have /* indicated. With a constraint of
/repository/index.jsp, try accessing that path directly from your
browser - the constraint *should* be triggered then.

-Brice


-- 
Brice Ruth, Sr. IT Analyst
Fiskars Brands Inc
http://www.fiskarsbrands.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message