In Glassfish and Tomcat the following constraint protects access for both "/index.jsp" and "/" URIs, but in Jetty the latter is unprotected:
<security-constraint> <display-name>Restricted</display-name> <web-resource-collection> <web-resource-name>index</web-resource-name> <description/> <url-pattern>/index.jsp</url-pattern> </web-resource-collection> <auth-constraint> <role-name>remembermeclient</role-name> </auth-constraint> </security-constraint> On the other hand, Jetty seems to support the empty string url-pattern inside security-constraint, but Tomcat and Glassfish don't. Who's right?
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
