Just wanted to ask this question again...does anyone have any ideas?? I'm
really stuck here, any good tutorials or resources about security
constraints would be helpful. All of the ones I've seen online only handle
one constraint at a time, I've never seen how they work in terms of best
match first or otherwise.
Thanks,
Rahman
At 7/2/2004 11:47 AM, you wrote:
Hello,
I'm using Tomcat 5.0.25 and I'd like to use container-based security to
restrict access to one specific page. The problem is that this page
exists in different contexts, but using the same docbase. You can get a
better idea by looking at the first snippet included below.
You can see that the application itself is installed by default at context
/wiki, and there will be additional copies at /wiki/wikione and so
on. My goal is to restrict /wiki/Edit.jsp to one role,
/wiki/wikione/Edit.jsp to another role, etc. The web.xml I'm using right
now doesn't even prompt for authentication at all; the only time I can get
it to authorize anything is when I only have one security constraint, for
url-pattern /Edit.jsp.
Is there an easy to way to achieve this? Thanks...
Rahman
Server.xml snippet:
Context path=/wiki/wikione docBase=wiki debug=0
Parameter name=jspwiki.propertyfile
value=C:\tomcat\webapps\wiki\WEB-INF\wikione.properties
override=false/
/Context
The application's web.xml snippet:
security-constraint
web-resource-collection
web-resource-nameProtected Area/web-resource-name
url-pattern/wiki/Edit.jsp/url-pattern
http-methodDELETE/http-method
http-methodGET/http-method
http-methodPOST/http-method
http-methodPUT/http-method
/web-resource-collection
auth-constraint
role-namewikiadmin/role-name
/auth-constraint
/security-constraint
security-constraint
web-resource-collection
web-resource-nameProtected Area/web-resource-name
url-pattern/wiki/wikione/Edit.jsp/url-pattern
http-methodDELETE/http-method
http-methodGET/http-method
http-methodPOST/http-method
http-methodPUT/http-method
/web-resource-collection
auth-constraint
role-namewikioneadmin/role-name
/auth-constraint
/security-constraint
login-config
auth-methodBASIC/auth-method
realm-nameJSPWiki Editor/realm-name
/login-config
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]