You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Me...@Bertelsmann.de on 2001/09/12 20:55:37 UTC

Doesn't Tomcat support wildcards like .jsp or .html at ??

Hi, 
I've tried to use wildcards for a webresource collection like *.jsp
to denie "guests" to access these pages but it doesn't work with tomcat
3.2.3 
Isn't that defined within the servlet specification?

Sample:
<security-constraint>
	<web-resource-collection>
		<web-resource-name>/jsp/*.jsp</web-resource-name>
		<url-pattern>/jsp/*.jsp</url-pattern>
	</web-resource-collection> 
	<auth-constraint>
		<role-name>admin</role-name>
	</auth-constraint>
</security-constraint>

Can I add a further web-resource-collection in a subdirectory of /jsp and 
give access to everyone? Like   /jsp/images/*  --> role-name = everyone
What is the "everyone" role that requires no password with tomcat 3.2.3?

Doesn't Tomcat support wildcards like *.jsp or *.html at ??

Doesn't Tomcat support wildcards like .jsp or .html at ??