tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David.Paw...@rnib.org.uk
Subject RE: web.xml security configuration.
Date Wed, 08 Sep 2004 07:02:27 GMT
 

    -----Original Message-----
    From: Ruth, Brice
    
    The security constraint is based on the actual URL 
    requested, not the resource that is being accessed. So, if 
    you're accessing:
    http://my.host.com/ - and its actually loading 
    http://my.host.com/repository/index.jsp, then your 
    security-constraint won't be triggered if you don't have /* 
    indicated. With a constraint of /repository/index.jsp, try 
    accessing that path directly from your browser - the 
    constraint *should* be triggered then.

in my web.xml I have

<servlet-mapping>
    <servlet-name>repository</servlet-name>
    <url-pattern>/repository</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
    <servlet-name>getit</servlet-name>
    <url-pattern>/getit</url-pattern>
  </servlet-mapping>

I.e. its a one to one, so if I understand you correctly,
when I browse to http://localhost/repository/index.jsp 
my uril-pattern should be

 <security-constraint>
    <web-resource-collection>
      <web-resource-name>Read-WriteArea</web-resource-name>
      <url-pattern>/repository/*</url-pattern>

I have other (html files) in
 /webapps
   /repository
     /upload
         index.html
     /search
         index.html

question.
   I'm assuming these are 'part of' the repository app? Is that right?
   What should the uri-pattern be for these?
   Again the browse path will be
http://localhost/repository/upload/index.html 
I want to have different security requirements for upload and search.
If I have the security constraint on repository defined with url-pattern
of /*, I'm thinking that will cover all the descendents of the repository
directory? Is that wrong?

regards daveP

** snip here **




-- 
DISCLAIMER: 

NOTICE: The information contained in this email and any attachments is 
confidential and may be privileged. If you are not the intended 
recipient you should not use, disclose, distribute or copy any of the 
content of it or of any attachment; you are requested to notify the 
sender immediately of your receipt of the email and then to delete it 
and any attachments from your system. 

RNIB endeavours to ensure that emails and any attachments generated by 
its staff are free from viruses or other contaminants. However, it 
cannot accept any responsibility for any  such which are transmitted.
We therefore recommend you scan all attachments. 

Please note that the statements and views expressed in this email and 
any attachments are those of the author and do not necessarily represent 
those of RNIB. 

RNIB Registered Charity Number: 226227 

Website: http://www.rnib.org.uk 

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message