You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Randy Layman <ra...@aswethink.com> on 2001/09/12 20:23:13 UTC
RE: Doesn't Tomcat support wildcards like *.jsp or *.html at ??
> -----Original Message-----
> From: Meinolf.Schulte-Doeinghaus@Bertelsmann.de
> [mailto:Meinolf.Schulte-Doeinghaus@Bertelsmann.de]
> Sent: Wednesday, September 12, 2001 2:56 PM
> To: tomcat-user@jakarta.apache.org
> Subject: Doesn't Tomcat support wildcards like *.jsp or *.html at
> <web-res ource-collection>??
>
>
> Hi,
> I've tried to use wildcards for a webresource collection like *.jsp
> to denie "guests" to access these pages but it doesn't work
> with tomcat
> 3.2.3
> Isn't that defined within the servlet specification?
>
> Sample:
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>/jsp/*.jsp</web-resource-name>
> <url-pattern>/jsp/*.jsp</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>admin</role-name>
> </auth-constraint>
> </security-constraint>
>
The spec does not allow * to be in the middle of a string - it must be at
one end or the other.
> Can I add a further web-resource-collection in a subdirectory
> of /jsp and
> give access to everyone? Like /jsp/images/* --> role-name
> = everyone
> What is the "everyone" role that requires no password with
> tomcat 3.2.3?
On this I don't know.
>