Hello Colin, I am not sure, but I think you cannot do this, first an <web-resource-name> element means an UNIQUE name. Can you understand ? You must give it different names. Second thing, I never heard about <http-method> element.
Hope it will help. -- Best regards, Alexander mailto:[EMAIL PROTECTED] Friday, August 15, 2003, 1:38:17 AM, you wrote: MC> So I looked at the servlet spec, but it doesn't specify (as far as I read) MC> how hierarchical security constraints should work and Tomcat 4.1.27 seems to MC> not do hiarachical constraints :) Also searching the list I didn't turn up MC> results of this type, although I swear I've seen this issue before... MC> I want to secure "/*" with a standard role and then "/stuff1" with another MC> role and "/stuff2" with yet another role. MC> So I put in the web.xml: MC> <security-constraint> MC> <web-resource-collection> MC> <web-resource-name>General Secured content root</web-resource-name> MC> <url-pattern>/*</url-pattern> MC> <http-method>GET</http-method> MC> <http-method>POST</http-method> MC> </web-resource-collection> MC> <auth-constraint> MC> <role-name>standard</role-name> MC> </auth-constraint> MC> </security-constraint> MC> <security-constraint> MC> <web-resource-collection> MC> <web-resource-name>General Secured content root</web-resource-name> MC> <url-pattern>/stuff1</url-pattern> MC> <http-method>GET</http-method> MC> <http-method>POST</http-method> MC> </web-resource-collection> MC> <auth-constraint> MC> <role-name>usertype1</role-name> MC> </auth-constraint> MC> </security-constraint> MC> <security-constraint> MC> <web-resource-collection> MC> <web-resource-name>General Secured content root</web-resource-name> MC> <url-pattern>/stuff2</url-pattern> MC> <http-method>GET</http-method> MC> <http-method>POST</http-method> MC> </web-resource-collection> MC> <auth-constraint> MC> <role-name>usertype2</role-name> MC> </auth-constraint> MC> </security-constraint> MC> But the second two seem to be overriden by the first. (A link on a WebLogic MC> site shows the above to work, but I don't have WebLogic) MC> Is this known behavior or did I miss something? MC> --------------------------------------------------------------------- MC> To unsubscribe, e-mail: [EMAIL PROTECTED] MC> For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
