You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Peter Lin <wo...@gmail.com> on 2004/11/08 20:56:34 UTC

with Basic Auth

has anyone ever tried to use <url-pattern> to filter for basic auth
beyond "/*" all?  If I do this, it forces all requests to my servlet
to authenticate.

    <servlet>
        <servlet-name>AuthServlet</servlet-name>
        <servlet-class>test.AuthServlet</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>AuthServlet</servlet-name>
        <url-pattern>/AuthServlet/*</url-pattern>
        <url-pattern>/AuthServlet</url-pattern>
    </servlet-mapping>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>auth</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
       <role-name>service</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>TestAuth</realm-name>
  </login-config>

  <!-- Security roles referenced by this web application -->
  <security-role>
    <description>
      My test role
    </description>
    <role-name>service</role-name>
  </security-role>


But what I would like to do is to be able to filter based on a given
request parameter, like this.

    <servlet>
        <servlet-name>AuthServlet</servlet-name>
        <servlet-class>test.AuthServlet</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>AuthServlet</servlet-name>
        <url-pattern>/AuthServlet/*</url-pattern>
        <url-pattern>/AuthServlet</url-pattern>
    </servlet-mapping>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>auth</web-resource-name>
      <url-pattern>/AuthServlet?*param1=account1*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
       <role-name>service</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>TestAuth</realm-name>
  </login-config>

  <!-- Security roles referenced by this web application -->
  <security-role>
    <description>
      My test role
    </description>
    <role-name>service</role-name>
  </security-role>

I tried it and cross-referenced the servlet spec. It doesn't appear to
say if this is allowed or not. Anyone know?

peter

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: with Basic Auth

Posted by Peter Lin <wo...@gmail.com>.

hehe, I did a search of spec 2.2 and 2.3 on url-pattern and didn't
find the definition. I guess I'll have to look at earlier specs for
the definition. either that or I missed it.

peter



On Mon, 8 Nov 2004 14:22:36 -0600, Mike Curwen
<g_...@globallyboundless.com> wrote:
> I'd think url-pattern elements (regardless of where they appear) need to
> conform to the url-patterns specified in the spec (not sure of section).
> 
> paths: starting with '/' and ending with '/*'
> extensions:  '*.foo'
> exact: exact matching.
> 
> The url-pattern I've left from your original message doesn't match any of
> these.
> 
> 
> 
> 
> > -----Original Message-----
> > From: Peter Lin [mailto:woolfel@gmail.com]
> > Sent: Monday, November 08, 2004 1:57 PM
> > To: tomcat-user
> > Subject: <url-pattern> with Basic Auth
> >
> >       <url-pattern>/AuthServlet?*param1=account1*</url-pattern>
> >
> > I tried it and cross-referenced the servlet spec. It doesn't
> > appear to say if this is allowed or not. Anyone know?
> >
> > peter
> >
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
>

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

RE: with Basic Auth

Posted by Mike Curwen <g_...@globallyboundless.com>.

I'd think url-pattern elements (regardless of where they appear) need to
conform to the url-patterns specified in the spec (not sure of section). 

paths: starting with '/' and ending with '/*'
extensions:  '*.foo'
exact: exact matching.

The url-pattern I've left from your original message doesn't match any of
these.


> -----Original Message-----
> From: Peter Lin [mailto:woolfel@gmail.com] 
> Sent: Monday, November 08, 2004 1:57 PM
> To: tomcat-user
> Subject: <url-pattern> with Basic Auth
> 
>       <url-pattern>/AuthServlet?*param1=account1*</url-pattern>
> 
> I tried it and cross-referenced the servlet spec. It doesn't 
> appear to say if this is allowed or not. Anyone know?
> 
> peter
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org