tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: [SECURITY] Tomcat 7 ignores @ServletSecurity annotations
Date Thu, 10 Mar 2011 12:05:29 GMT
On 09/03/2011 10:48, Mark Thomas wrote:
> The fix in Tomcat 7.0.10 was incomplete. @SecurityAnnotations are still
> ignored when there are no security constraints defined in web.xml (a
> typical use case).
> There will be a Tomcat 7.0.11 release shortly to address this. In the
> meantime, the workaround of specifying at least one security constraint
> in web.xml can be used to trigger the scanning of @SecurityAnnotations.

7.0.11 is available (details on the dev list) for testing. Not this is
*not* the official release. That will happen if testing and voting
complete successfully.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message