tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Mapping role names to groups
Date Thu, 06 Aug 2009 12:53:03 GMT
André Warnier wrote:
> Jason Royals wrote:
>> Thanks for the advice, but I think <security-role-ref> is only valid
>> within the context of a <servlet> element though? 
> 
> I have not checked, but are you sure ?  Is it not at the level of the 
> web-app ?  If so, it would apply to everything belonging to that webapp, 
> whether filters, servlets, jsp's, whatnot.
> 
Now I have checked..
More precisely, it seems from the Servlet Spec, that all which concerns 
AAA applies in fact to "URLs" and/or "methods".  It seems thus 
definitely independent from servlets, filters, jsps etc..
Now since these constraints are defined within a context's deployment 
descriptor (web.xml), I would imagine that whatever URL's are specified 
in the security section apply within the context of that webapp.
I you get what I mean.

Note that the above is basically a personal exercise in comprehending 
the Servlet Spec, so it would not be bad if one of the gurus commented 
on this..


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message