tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Holcomb <peter.holc...@gmail.com>
Subject Re: Security Constraint conflict
Date Fri, 18 Sep 2009 21:22:47 GMT
I was actually looking in the 3.0 spec (here:
http://jcp.org/aboutJava/communityprocess/pr/jsr315/index.html) but I
believe the same example is available in the 2.4 spec under 12.8.2.
It's the example under "combining constraints".

I can't figure out the unioning process other than maybe it's unioning
the allowed access?  Something like this:

- constraint 1: *.xhtml (everyone but *.xhtml can come to the party!)

- constraint 2: /* (everyone can come to the party, but only if they
come through POST,GET).

So the UNION is that everyone can come to the party through POST,GET?
Maybe I'm way off...

Peter Holcomb



On Fri, Sep 18, 2009 at 4:04 PM, Christopher Schultz
<chris@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Peter,
>
> On 9/18/2009 4:34 PM, Peter Holcomb wrote:
>> Thanks for your response.  I've read through the example in 13.7.2 of
>> the spec
>
> Which version of the spec? I don't see a section 13.8 at all in either
> 2.4 or 2.5 of the spec. I see the heading "Combining Constraints" listed
> under 12.7.1.
>
>> but I don't think I'm understanding how the union works.
>
> I think Tim is incorrect, here. Neither the url-pattern nor the
> http-methods overlap, therefore no combining should occur.
>
>> According to my thought process, the url patterns are:
>>
>> *.xhtml - access precluded
>>
>> /* PUT,DELETE,TRACE,OPTIONS - access precluded
>
> The example I see in 12.7.2 seems to support your expectations.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkqz9fEACgkQ9CaO5/Lv0PCyhQCghhbzT4ruq1in03G4GTbsI2DD
> v7UAmgKCOefa4O0gcDBTsnDHHePDDSY9
> =UViR
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message