tomcat-users mailing list archives

From "CASALINO, Matteo Maria" <>
Subject RE: Nondeterministic behaviour of security constraints in Tomcat 7
Date Thu, 30 Aug 2012 08:24:36 GMT
> -----Original Message-----
> From: Caldarale, Charles R []
> Sent: mercredi 29 août 2012 22:34
> To: Tomcat Users List
> Subject: RE: Nondeterministic behaviour of security constraints in
> Tomcat 7
> > The problem occurs for HTTP requests matching to the most specific
> > pattern (in the above example, /a/b, /a/b/c, etc.),
> Please state where in the servlet spec that /a/b should be matched by
> /a/b/*. (If the request for /a/b were to be redirected to /a/b/, that
> would be matched.)  

According to §13.8.3 of the spec [1]:

"When a Servlet container receives a request, it shall use the algorithm described in
"Use of URL Paths" on page 115 to select the constraints (if any) defined on the url-pattern
that is the best match to the request URI"

I agree that in the algorithm it is not explicitly stated that /a/b should match /a/b/*,
however §12.2.2 provides an example which, in my eyes, does so:

TABLE 12-1  Example Set of Maps
Path Pattern Servlet
/foo/bar/*   servlet1
/baz/*       servlet2
/catalog     servlet3
*.bop        servlet4

TABLE 12-2  Incoming Paths Applied to Example Maps
Incoming Path          Servlet Handling Request
/foo/bar/index.html    servlet1
/foo/bar/index.bop     servlet1
/baz                   servlet2
/baz/index.html        servlet2

> You might want to add /a/b as an explicit <url-
> pattern> to avoid having requests to that target being handled by the
> /a/* rule.

The same behaviour I described is verified as well for every other request that matches /a/b/*,
such as /a/b/, /a/b/c, and so on.

Best regards,
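
Added example, not part of the original message and not Tomcat's own code: a minimal Java sketch of best-match selection following the four rules in "Use of URL Paths" (exact, longest path-prefix, extension, default), run over the Table 12-1 patterns and the /a/* and /a/b/* patterns from this thread. The class and method names are hypothetical, and the request path is assumed to be context-relative.

```java
import java.util.List;

// Illustration only; class and method names are hypothetical.
public class BestMatch {

    // Returns the pattern that best matches path, or null if none does.
    // Assumes path is context-relative and starts with "/".
    static String bestMatch(List<String> patterns, String path) {
        // Rule 1: an exact match of the whole path wins outright.
        if (patterns.contains(path)) return path;

        // Rule 2: longest path-prefix, stepping down one directory at a time.
        // The walk starts with the full path, so "/baz" is tested against "/baz/*".
        String prefix = path;
        while (true) {
            String candidate = prefix + "/*";
            if (patterns.contains(candidate)) return candidate;
            if (prefix.isEmpty()) break;
            prefix = prefix.substring(0, Math.max(0, prefix.lastIndexOf('/')));
        }

        // Rule 3: extension mapping on the last path segment.
        String last = path.substring(path.lastIndexOf('/') + 1);
        int dot = last.lastIndexOf('.');
        if (dot >= 0 && patterns.contains("*" + last.substring(dot))) {
            return "*" + last.substring(dot);
        }

        // Rule 4: the default mapping, if one is declared.
        return patterns.contains("/") ? "/" : null;
    }

    public static void main(String[] args) {
        // Patterns from Table 12-1 and incoming paths from Table 12-2.
        List<String> table = List.of("/foo/bar/*", "/baz/*", "/catalog", "*.bop");
        for (String p : List.of("/foo/bar/index.html", "/foo/bar/index.bop",
                                "/baz", "/baz/index.html")) {
            System.out.println(p + " -> " + bestMatch(table, p));
        }
        // The two security-constraint patterns discussed in this thread.
        List<String> constraints = List.of("/a/*", "/a/b/*");
        for (String p : List.of("/a/b", "/a/b/", "/a/b/c", "/a/x")) {
            System.out.println(p + " -> " + bestMatch(constraints, p));
        }
    }
}
```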
