tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Guojun Zhu" <>
Subject What can <url-pattern> accept?
Date Sun, 17 Aug 2008 07:10:44 GMT

I am usging tomcat 5.5.26 and trying to set up some container security with
it.  I am using struts 1.2.9 for my project.  Basically I have three-type

1.  open to everyone, like the welcome pages.

2.  restricted to one type of user role, say A

3.  admin part, more restrictive, so for role B

I set a normal user only has role A, while an administrator user has both
role A and role B.  However, I have some difficulty to set up the
<url-pattern> for <security-constraint> in web.xml.  Both part 2 and 3 are
realized by struts, part 2 takes the root address, such as /,
etc; part 3 takes the admin subdirectory, such as /admin/  I tried
to set part 2 for <url-pattern>/*.do</url-pattern> and part 3 for
<url-pattern>/admin/*.do</url-patter>.  Tomcat refuses to parse it.  I know
url-pattern can do things like "/admin/*" for path or "*.do" for the
extention match.  Any other more finer things?

One ugly solution I can think is to change all the part 2 into a path like
/normal then put that part as /normal/*.  But I would perfer not to do that
since that invole lots of changes in strut-config.xml.   Any other

Thank in advance!

Zhu, Guojun

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message