You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Marco Arioli <ar...@risorsei.it> on 2000/10/03 22:09:19 UTC
Security constraint
Hi, I have a problem with apache+tomcat trying to configure security
constraint. The rule is as follows:
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/jsp/security/protected/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
Tomcat, as a standalone, asks authentication for all file in ../protected/;
using tomcat+apache (through port 80) authentication is required only for
jsp file (and maybe for servlet). Other files are shown without
authentication. This is not what I want; what should I do to solve this?
Thanx,
Marco.
==========================================================================
Marco Arioli
e-mail: arioli.m@risorsei.it
marioli@landini.it
==========================================================================