JC> Alex, I don't see any such text in section 12.8 of the 2.3 spec. (I do see JC> similar text in the 2.2 spec)
JC> My interpretation (and I suppose the Jetty authors as well) of the JC> applicable sections in either spec (2.3 refers to the same algorithm in its JC> section 11.1) is that its not the constraints that are applied in order but JC> the 4 rules described in the spec. The first rule says to try to match the JC> exact path. The second rule states quite clearly that the container should JC> try to "match the longest path prefix mapping". JC> What am I missing? Do I have the wrong 2.3 spec? Sorry, I do ;) That was a shippet from the Proposed Final Draft. I am sorry. And thanks for clarification. alex JC> Jim JC> ----- Original Message ----- JC> From: "Alex Loubyansky" <[EMAIL PROTECTED]> JC> To: "Jim Crossley" <[EMAIL PROTECTED]> JC> Cc: <[EMAIL PROTECTED]> JC> Sent: Wednesday, July 17, 2002 2:20 AM JC> Subject: Re[2]: [JBoss-user] Help with security-constraints please >> Hello Jim, >> >> Tuesday, July 16, 2002, 11:28:06 PM, you wrote: >> >> JC> RESOLVED: >> >> JC> I switched the order of the constraints, making both Tomcat and Jetty JC> happy. >> JC> The spec says to use the most specific matching constraint. Jetty is JC> doing >> JC> that. Tomcat, on the other hand, seems to be using the first match it >> JC> finds. >> >> And it follows the servlet2.3 spec (12.8): >> "...For an application specifying multiple security constraints, on JC> processing a request to >> determine what authentication method to use, or what authorization to JC> allow, the container >> matches to security constraints on a 'first match wins' basis..." >> >> alex >> >> JC> Jim >> >> JC> ----- Original Message ----- >> JC> From: "Jim Crossley" <[EMAIL PROTECTED]> >> JC> To: <[EMAIL PROTECTED]> >> JC> Sent: Tuesday, July 16, 2002 2:41 PM >> JC> Subject: [JBoss-user] Help with security-constraints please >> >> >> >> I have a web-app that I would like to be able to deploy on both jboss >> >> bundles: jboss3/jetty and jboss3/tomcat4. I'm trying to restrict all >> >> content EXCEPT my images. The following works great on jetty, but not JC> on >> >> tomcat. The first request for an image file results in my login form >> JC> being >> >> displayed with a bunch of broken images. Does anyone know what I can >> JC> change >> >> to make both containers work the same? >> >> >> >> <security-constraint> >> >> <web-resource-collection> >> >> <web-resource-name>The whole site</web-resource-name> >> >> <url-pattern>/</url-pattern> >> >> <http-method>POST</http-method> >> >> <http-method>PUT</http-method> >> >> <http-method>GET</http-method> >> >> </web-resource-collection> >> >> <auth-constraint> >> >> <role-name>*</role-name> >> >> </auth-constraint> >> >> </security-constraint> >> >> >> >> <security-constraint> >> >> <web-resource-collection> >> >> <web-resource-name>Images</web-resource-name> >> >> <url-pattern>/images/*</url-pattern> >> >> <http-method>POST</http-method> >> >> <http-method>PUT</http-method> >> >> <http-method>GET</http-method> >> >> </web-resource-collection> >> >> </security-constraint> >> >> >> >> Thanks, >> >> Jim >> >> >> >> >> >> >> >> ------------------------------------------------------- >> >> This sf.net email is sponsored by: Jabber - The world's fastest growing >> >> real-time communications platform! Don't just IM. Build it in! >> >> http://www.jabber.com/osdn/xim >> >> _______________________________________________ >> >> JBoss-user mailing list >> >> [EMAIL PROTECTED] >> >> https://lists.sourceforge.net/lists/listinfo/jboss-user >> >> >> >> JC> ------------------------------------------------------- >> JC> This sf.net email is sponsored by: Jabber - The world's fastest JC> growing >> JC> real-time communications platform! Don't just IM. Build it in! >> JC> http://www.jabber.com/osdn/xim >> JC> _______________________________________________ >> JC> JBoss-user mailing list >> JC> [EMAIL PROTECTED] >> JC> https://lists.sourceforge.net/lists/listinfo/jboss-user >> >> -- >> Best regards, >> Alex Loubyansky >> >> -- Best regards, Alex Loubyansky ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
