You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Me...@Bertelsmann.de on 2001/09/12 20:55:37 UTC
Doesn't Tomcat support wildcards like *.jsp or *.html at ??
Hi,
I've tried to use wildcards for a webresource collection like *.jsp
to denie "guests" to access these pages but it doesn't work with tomcat
3.2.3
Isn't that defined within the servlet specification?
Sample:
<security-constraint>
<web-resource-collection>
<web-resource-name>/jsp/*.jsp</web-resource-name>
<url-pattern>/jsp/*.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
Can I add a further web-resource-collection in a subdirectory of /jsp and
give access to everyone? Like /jsp/images/* --> role-name = everyone
What is the "everyone" role that requires no password with tomcat 3.2.3?