We do not allow this combintaion of URL patterns in
web-resource-collection. This is in line with JACC
http://java.sun.com/j2ee/1.4/docs/api/javax/security/jacc/WebResourcePermission.html
<security-constraint>
<web-resource-collection>
<web-resource-name>Admin Role</web-resource-name>
<url-pattern>*.do</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>content-administrator</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Unrestricted ACCESS</web-resource-name>
<url-pattern>/login.do</url-pattern>
</web-resource-collection>
</security-constraint>
The following url-patterns are allowed with *.do -
- /login/*, /login.do/* , i.e. path prefix patterns
- login.do, i.e. Exact patterns matching *.do
- login.do/, login.do/*
Does anyone know why the above web.xml fragment should or should
not be allowed?
Thanks
Anita
____________________________________________________________________________________
Get your own web address.
Have a HUGE year through Yahoo! Small Business.
http://smallbusiness.yahoo.com/domains/?p=BESTDEAL
