tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Mapping role names to groups
Date Thu, 06 Aug 2009 12:53:03 GMT
André Warnier wrote:
> Jason Royals wrote:
>> Thanks for the advice, but I think <security-role-ref> is only valid
>> within the context of a <servlet> element though? 
> I have not checked, but are you sure ?  Is it not at the level of the 
> web-app ?  If so, it would apply to everything belonging to that webapp, 
> whether filters, servlets, jsp's, whatnot.
Now I have checked..
More precisely, it seems from the Servlet Spec, that all which concerns 
AAA applies in fact to "URLs" and/or "methods".  It seems thus 
definitely independent from servlets, filters, jsps etc..
Now since these constraints are defined within a context's deployment 
descriptor (web.xml), I would imagine that whatever URL's are specified 
in the security section apply within the context of that webapp.
I you get what I mean.

Note that the above is basically a personal exercise in comprehending 
the Servlet Spec, so it would not be bad if one of the gurus commented 
on this..

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message