tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: [SECURITY] Tomcat 7 ignores @ServletSecurity annotations
Date Thu, 10 Mar 2011 12:05:29 GMT
On 09/03/2011 10:48, Mark Thomas wrote:
> The fix in Tomcat 7.0.10 was incomplete. @SecurityAnnotations are still
> ignored when there are no security constraints defined in web.xml (a
> typical use case).
> 
> There will be a Tomcat 7.0.11 release shortly to address this. In the
> meantime, the workaround of specifying at least one security constraint
> in web.xml can be used to trigger the scanning of @SecurityAnnotations.

7.0.11 is available (details on the dev list) for testing. Not this is
*not* the official release. That will happen if testing and voting
complete successfully.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message