You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Da...@rnib.org.uk on 2004/09/07 15:55:18 UTC
web.xml security configuration.
In my applications web.xml I have
<security-constraint>
<web-resource-collection>
<web-resource-name>Read-WriteArea</web-resource-name>
<description> accessible by users of all roles</description>
<url-pattern>/*</url-pattern><!-- was /* -->
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<description>These roles are allowed access</description>
<role-name>read</role-name>
<role-name>rwrite</role-name>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
If the url-pattern is /* I get my jdbc based form showing,
and password authentication using mySQL.
If I change it to /repository/index.jsp, i.e. the actual
file used, I don't get any authentication.
Any advice on what form this element should take please?
TIA, DaveP
**** snip here *****
--
DISCLAIMER:
NOTICE: The information contained in this email and any attachments is
confidential and may be privileged. If you are not the intended
recipient you should not use, disclose, distribute or copy any of the
content of it or of any attachment; you are requested to notify the
sender immediately of your receipt of the email and then to delete it
and any attachments from your system.
RNIB endeavours to ensure that emails and any attachments generated by
its staff are free from viruses or other contaminants. However, it
cannot accept any responsibility for any such which are transmitted.
We therefore recommend you scan all attachments.
Please note that the statements and views expressed in this email and
any attachments are those of the author and do not necessarily represent
those of RNIB.
RNIB Registered Charity Number: 226227
Website: http://www.rnib.org.uk
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: web.xml security configuration.
Posted by "Ruth, Brice" <br...@fiskars.com>.
David.Pawson@rnib.org.uk wrote:
>In my applications web.xml I have
>
><security-constraint>
> <web-resource-collection>
> <web-resource-name>Read-WriteArea</web-resource-name>
> <description> accessible by users of all roles</description>
> <url-pattern>/*</url-pattern><!-- was /* -->
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> <http-method>DELETE</http-method>
> </web-resource-collection>
>
> <auth-constraint>
> <description>These roles are allowed access</description>
> <role-name>read</role-name>
> <role-name>rwrite</role-name>
> <role-name>admin</role-name>
> </auth-constraint>
> </security-constraint>
>
>
>If the url-pattern is /* I get my jdbc based form showing,
>and password authentication using mySQL.
>
>If I change it to /repository/index.jsp, i.e. the actual
>file used, I don't get any authentication.
>
>Any advice on what form this element should take please?
>
>TIA, DaveP
>
>
>
Dave,
The security constraint is based on the actual URL requested, not the
resource that is being accessed. So, if you're accessing:
http://my.host.com/ - and its actually loading
http://my.host.com/repository/index.jsp, then your security-constraint
won't be triggered if you don't have /* indicated. With a constraint of
/repository/index.jsp, try accessing that path directly from your
browser - the constraint *should* be triggered then.
-Brice
--
Brice Ruth, Sr. IT Analyst
Fiskars Brands Inc
http://www.fiskarsbrands.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org