tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Lin <wool...@gmail.com>
Subject <url-pattern> with Basic Auth
Date Mon, 08 Nov 2004 19:56:34 GMT
has anyone ever tried to use <url-pattern> to filter for basic auth
beyond "/*" all?  If I do this, it forces all requests to my servlet
to authenticate.

    <servlet>
        <servlet-name>AuthServlet</servlet-name>
        <servlet-class>test.AuthServlet</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>AuthServlet</servlet-name>
        <url-pattern>/AuthServlet/*</url-pattern>
        <url-pattern>/AuthServlet</url-pattern>
    </servlet-mapping>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>auth</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
       <role-name>service</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>TestAuth</realm-name>
  </login-config>

  <!-- Security roles referenced by this web application -->
  <security-role>
    <description>
      My test role
    </description>
    <role-name>service</role-name>
  </security-role>


But what I would like to do is to be able to filter based on a given
request parameter, like this.

    <servlet>
        <servlet-name>AuthServlet</servlet-name>
        <servlet-class>test.AuthServlet</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>AuthServlet</servlet-name>
        <url-pattern>/AuthServlet/*</url-pattern>
        <url-pattern>/AuthServlet</url-pattern>
    </servlet-mapping>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>auth</web-resource-name>
      <url-pattern>/AuthServlet?*param1=account1*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
       <role-name>service</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>TestAuth</realm-name>
  </login-config>

  <!-- Security roles referenced by this web application -->
  <security-role>
    <description>
      My test role
    </description>
    <role-name>service</role-name>
  </security-role>

I tried it and cross-referenced the servlet spec. It doesn't appear to
say if this is allowed or not. Anyone know?

peter

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message