You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Peter Lin <wo...@gmail.com> on 2004/11/08 20:56:34 UTC
with Basic Auth
has anyone ever tried to use <url-pattern> to filter for basic auth
beyond "/*" all? If I do this, it forces all requests to my servlet
to authenticate.
<servlet>
<servlet-name>AuthServlet</servlet-name>
<servlet-class>test.AuthServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>AuthServlet</servlet-name>
<url-pattern>/AuthServlet/*</url-pattern>
<url-pattern>/AuthServlet</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>auth</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>service</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>TestAuth</realm-name>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<description>
My test role
</description>
<role-name>service</role-name>
</security-role>
But what I would like to do is to be able to filter based on a given
request parameter, like this.
<servlet>
<servlet-name>AuthServlet</servlet-name>
<servlet-class>test.AuthServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>AuthServlet</servlet-name>
<url-pattern>/AuthServlet/*</url-pattern>
<url-pattern>/AuthServlet</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>auth</web-resource-name>
<url-pattern>/AuthServlet?*param1=account1*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>service</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>TestAuth</realm-name>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<description>
My test role
</description>
<role-name>service</role-name>
</security-role>
I tried it and cross-referenced the servlet spec. It doesn't appear to
say if this is allowed or not. Anyone know?
peter
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: with Basic Auth
Posted by Peter Lin <wo...@gmail.com>.
hehe, I did a search of spec 2.2 and 2.3 on url-pattern and didn't
find the definition. I guess I'll have to look at earlier specs for
the definition. either that or I missed it.
peter
On Mon, 8 Nov 2004 14:22:36 -0600, Mike Curwen
<g_...@globallyboundless.com> wrote:
> I'd think url-pattern elements (regardless of where they appear) need to
> conform to the url-patterns specified in the spec (not sure of section).
>
> paths: starting with '/' and ending with '/*'
> extensions: '*.foo'
> exact: exact matching.
>
> The url-pattern I've left from your original message doesn't match any of
> these.
>
>
>
>
> > -----Original Message-----
> > From: Peter Lin [mailto:woolfel@gmail.com]
> > Sent: Monday, November 08, 2004 1:57 PM
> > To: tomcat-user
> > Subject: <url-pattern> with Basic Auth
> >
> > <url-pattern>/AuthServlet?*param1=account1*</url-pattern>
> >
> > I tried it and cross-referenced the servlet spec. It doesn't
> > appear to say if this is allowed or not. Anyone know?
> >
> > peter
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RE: with Basic Auth
Posted by Mike Curwen <g_...@globallyboundless.com>.
I'd think url-pattern elements (regardless of where they appear) need to
conform to the url-patterns specified in the spec (not sure of section).
paths: starting with '/' and ending with '/*'
extensions: '*.foo'
exact: exact matching.
The url-pattern I've left from your original message doesn't match any of
these.
> -----Original Message-----
> From: Peter Lin [mailto:woolfel@gmail.com]
> Sent: Monday, November 08, 2004 1:57 PM
> To: tomcat-user
> Subject: <url-pattern> with Basic Auth
>
> <url-pattern>/AuthServlet?*param1=account1*</url-pattern>
>
> I tried it and cross-referenced the servlet spec. It doesn't
> appear to say if this is allowed or not. Anyone know?
>
> peter
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org