tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael McCutcheon <michael.mccutch...@att.net>
Subject Re: @DenyAll does nothing
Date Wed, 02 Mar 2011 14:53:57 GMT
On 3/2/2011 4:12 AM, Mark Thomas wrote:
> On 02/03/2011 06:54, Michael McCutcheon wrote:
>> I'm using Tomcat 7.0.8.
>>
>> I have a servlet with a doGet method that has a @DenyAll annotation
>> applied to it.
>>
>> However, when I run the servlet, it seems to make no difference, and
>> doGet is still called.
>>
>> It was my understanding that @DenyAll was supposed to prevent access to
>> the method on which it is applied.
>>
>> Do I need to turn something on to get Tomcat to recognize the security
>> annotations?  I can't get any of the security annotations to do anything.
> You need to read the Servlet 3 specification. @DenyAll is not part of
> Servlet 3.0. To quote from the change log:
> <quote>
> Added a new annotation - @ServletSecurity (and associated annotation for
> the fields) for defining security as opposed to re-using the
> @RolesAllowed, @PermitAll, @DenyAll
> </quote>
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Ahh thanks for that.  It makes a bit more sense now.

However, I downloaded the Servlet 3.0 spec and used the exact examples 
from the security chapter, and it still seems to ignore the annotations 
completely:

I copied these right from the spec:

@ServletSecurity(@HttpConstraint(transportGuarantee = 
TransportGuarantee.CONFIDENTIAL))

also this:

@ServletSecurity(@HttpConstraint(EmptyRoleSemantic.DENY))

Neither did anything.

I'm running Tomcat in Netbeans 7 beta 2.  Would running in that 
environment affect the security annotations?

thanks,
Mike


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message