You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Randy Layman <ra...@aswethink.com> on 2001/09/12 20:23:13 UTC

RE: Doesn't Tomcat support wildcards like .jsp or .html at ??


> -----Original Message-----
> From: Meinolf.Schulte-Doeinghaus@Bertelsmann.de
> [mailto:Meinolf.Schulte-Doeinghaus@Bertelsmann.de]
> Sent: Wednesday, September 12, 2001 2:56 PM
> To: tomcat-user@jakarta.apache.org
> Subject: Doesn't Tomcat support wildcards like *.jsp or *.html at
> <web-res ource-collection>??
> 
> 
> Hi, 
> I've tried to use wildcards for a webresource collection like *.jsp
> to denie "guests" to access these pages but it doesn't work 
> with tomcat
> 3.2.3 
> Isn't that defined within the servlet specification?
> 
> Sample:
> <security-constraint>
> 	<web-resource-collection>
> 		<web-resource-name>/jsp/*.jsp</web-resource-name>
> 		<url-pattern>/jsp/*.jsp</url-pattern>
> 	</web-resource-collection> 
> 	<auth-constraint>
> 		<role-name>admin</role-name>
> 	</auth-constraint>
> </security-constraint>
> 

The spec does not allow * to be in the middle of a string - it must be at
one end or the other.

> Can I add a further web-resource-collection in a subdirectory 
> of /jsp and 
> give access to everyone? Like   /jsp/images/*  --> role-name 
> = everyone
> What is the "everyone" role that requires no password with 
> tomcat 3.2.3?

On this I don't know.
>

RE: Doesn't Tomcat support wildcards like *.jsp or *.html at ??

RE: Doesn't Tomcat support wildcards like .jsp or .html at ??