Alex, I don't see any such text in section 12.8 of the 2.3 spec. (I do see similar text in the 2.2 spec)
My interpretation (and I suppose the Jetty authors as well) of the applicable sections in either spec (2.3 refers to the same algorithm in its section 11.1) is that its not the constraints that are applied in order but the 4 rules described in the spec. The first rule says to try to match the exact path. The second rule states quite clearly that the container should try to "match the longest path prefix mapping". What am I missing? Do I have the wrong 2.3 spec? Jim ----- Original Message ----- From: "Alex Loubyansky" <[EMAIL PROTECTED]> To: "Jim Crossley" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, July 17, 2002 2:20 AM Subject: Re[2]: [JBoss-user] Help with security-constraints please > Hello Jim, > > Tuesday, July 16, 2002, 11:28:06 PM, you wrote: > > JC> RESOLVED: > > JC> I switched the order of the constraints, making both Tomcat and Jetty happy. > JC> The spec says to use the most specific matching constraint. Jetty is doing > JC> that. Tomcat, on the other hand, seems to be using the first match it > JC> finds. > > And it follows the servlet2.3 spec (12.8): > "...For an application specifying multiple security constraints, on processing a request to > determine what authentication method to use, or what authorization to allow, the container > matches to security constraints on a 'first match wins' basis..." > > alex > > JC> Jim > > JC> ----- Original Message ----- > JC> From: "Jim Crossley" <[EMAIL PROTECTED]> > JC> To: <[EMAIL PROTECTED]> > JC> Sent: Tuesday, July 16, 2002 2:41 PM > JC> Subject: [JBoss-user] Help with security-constraints please > > > >> I have a web-app that I would like to be able to deploy on both jboss > >> bundles: jboss3/jetty and jboss3/tomcat4. I'm trying to restrict all > >> content EXCEPT my images. The following works great on jetty, but not on > >> tomcat. The first request for an image file results in my login form > JC> being > >> displayed with a bunch of broken images. Does anyone know what I can > JC> change > >> to make both containers work the same? > >> > >> <security-constraint> > >> <web-resource-collection> > >> <web-resource-name>The whole site</web-resource-name> > >> <url-pattern>/</url-pattern> > >> <http-method>POST</http-method> > >> <http-method>PUT</http-method> > >> <http-method>GET</http-method> > >> </web-resource-collection> > >> <auth-constraint> > >> <role-name>*</role-name> > >> </auth-constraint> > >> </security-constraint> > >> > >> <security-constraint> > >> <web-resource-collection> > >> <web-resource-name>Images</web-resource-name> > >> <url-pattern>/images/*</url-pattern> > >> <http-method>POST</http-method> > >> <http-method>PUT</http-method> > >> <http-method>GET</http-method> > >> </web-resource-collection> > >> </security-constraint> > >> > >> Thanks, > >> Jim > >> > >> > >> > >> ------------------------------------------------------- > >> This sf.net email is sponsored by: Jabber - The world's fastest growing > >> real-time communications platform! Don't just IM. Build it in! > >> http://www.jabber.com/osdn/xim > >> _______________________________________________ > >> JBoss-user mailing list > >> [EMAIL PROTECTED] > >> https://lists.sourceforge.net/lists/listinfo/jboss-user > > > > JC> ------------------------------------------------------- > JC> This sf.net email is sponsored by: Jabber - The world's fastest growing > JC> real-time communications platform! Don't just IM. Build it in! > JC> http://www.jabber.com/osdn/xim > JC> _______________________________________________ > JC> JBoss-user mailing list > JC> [EMAIL PROTECTED] > JC> https://lists.sourceforge.net/lists/listinfo/jboss-user > > -- > Best regards, > Alex Loubyansky > > ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
