I want to block all access to files with a specific extension. I tried using a security constraint with a non-existent role but that did not prevent acess to files with the extension "vax".
It is impractical to move these files to a WEB-INF folder so they are out in the open for the time being. Do I need to create this role? Do users have to be mapped to the role and if so where is that done. The MemoryRealm with tomcat-users.xml did not work. | <security-constraint> | <web-resource-collection> | <web-resource-name>mask</web-resource-name> | <url-pattern>*.vax</url-pattern> | <auth-constraint> | <role-name>void</role-name> | </auth-constraint> | </web-resource-collection> | </security-constraint> | | <security-role> | <role-name>void</role-name> | </security-role> | View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3901752#3901752 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3901752 ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user